getssl
lego
getssl | lego | |
---|---|---|
9 | 55 | |
2,036 | 7,269 | |
0.3% | 1.2% | |
7.0 | 8.9 | |
14 days ago | 10 days ago | |
Shell | Go | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
getssl
-
Why Certificate Lifecycle Automation Matters
A 'competitor' to this would be GetSSL which is a pure-shell ACME client (plus OpenSSL and cURL) and can be executed on one host, but send verification tokens to remote systems (where you may not have cron access):
> Get certificates for remote servers - The tokens used to provide validation of domain ownership, and the certificates themselves can be automatically copied to remote servers (via ssh, sftp or ftp for tokens). The script doesn't need to run on the server itself. This can be useful if you don't have access to run such scripts on the server itself, as it's a shared server for example.
* https://github.com/srvrco/getssl
-
why should we use ssl certificates for our self-hosted services in our internal network?
I first got by with self signed certificates, but with all the major browsers warning they'll stop supporting those eventually I finally bit the bullet last month and installed getssl to automatically update all my certificates once a month.
-
letsencrypt with noip free domain?
because I didn't want to install another package manager (snapd) on my Ubuntu 18.04 server I checked the ACME Client Implementations page and decided to try getssl, a nice little shell script that does everything I need and then some.
-
Running certbot container on schedule without cron?
I just have a dedicated container that runs getssl everyday. Anything that has a web interface (Or anything that requires TLS) gets it's own conf file that gets added to the daily check. Each conf file tells getssl how to load the certificate for its particular service.
-
LetsEncrypt / CertBot without snapd?
I have been using https://github.com/srvrco/getssl for years on my raspberry pi. It's a much simpler Bash script that doesn't break after every update.
- Uacme: ACMEv2 client written in plain C with minimal dependencies
- Any reason NOT to use Debian-provided Certbot?
-
Old files keep appearing bug
i have a problem where after installing getssl (https://github.com/srvrco/getssl) to /root/.getssl i populated it's contents with bunch of SSL files using Dockerfile's COPY command. And now no matter what i do they keep reappearing.
-
Should you use Let's Encrypt for internal hostnames?
> acme.sh
Another shell-based ACME client I like is dehyradted. But for sending certs to remote systems from one central area, perhaps the shell-based GetSSL:
> Obtain SSL certificates from the letsencrypt.org ACME server. Suitable for automating the process on remote servers.
* https://github.com/srvrco/getssl
In general, what you may want to do is configure Ansible/Puppet/etc, and have your ACME client drop the new cert in a particular area and have your configuration management system push things out from there.
lego
-
Dehydrated: Letsencrypt/acme client implemented as a shell-script
Self contained but hardly a tiny supply chain attack surface: https://github.com/go-acme/lego/blob/master/go.sum
-
Running one’s own root Certificate Authority in 2023
This ACME client looks promising, but I haven’t tried it yet: https://github.com/go-acme/lego
-
I am once again asking that "web" and "fullstack" developers...
My favorite method of obtaining certificates is with lets encrypt and LEGO
-
Where do you get/setup certificates from for your https/ssl?
Caddy where possible, and acme.sh or lego where not.
- Anyone using WireGuard with a domain name? Any ideas to lower the bills?
- Acme.sh runs arbitrary commands from a remote server
-
How do you renew SSL certificates?
Depend on host's capability... - lego - dehydrated - caddy - in case it already works as a web server, it will automatically issue and renew certs
- Automating LE renewals with dns-01?
-
LeGo CertHub v0.9.0 with Docker Support
u/gregtwallace maybe in the short term until you write your own, you could provide a hook into one of the many ACME client implementations which do DNS-01 and support the majority of major DNS provider APIs out of the box? That would make your (really great!) project much more widely usable.
- Searching for a solution to get letsencrypt and traefik working for my local nas
What are some alternatives?
boulder - An ACME-based certificate authority, written in Go.
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
cli - 🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
acme.sh - A pure Unix shell script implementing ACME client protocol
certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
uacme - ACMEv2 client written in plain C with minimal dependencies
autocert - [mirror] Go supplementary cryptography libraries
puppeteer - Node.js API for Chrome
acmetool - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
acme-tiny - A tiny script to issue and renew TLS certs from Let's Encrypt
ACL - A simple but powerful Access Control List manager