lego
Let's Encrypt/ACME client and library written in Go (by go-acme)
cfssl
CFSSL: Cloudflare's PKI and TLS toolkit (by cloudflare)
| lego | cfssl | |
|---|---|---|
| 55 | 24 | |
| 7,290 | 8,473 | |
| 1.2% | 0.6% | |
| 8.9 | 7.5 | |
| 11 days ago | 4 days ago | |
| Go | Go | |
| MIT License | BSD 2-clause "Simplified" License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
lego
Posts with mentions or reviews of lego.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-19.
-
Dehydrated: Letsencrypt/acme client implemented as a shell-script
Self contained but hardly a tiny supply chain attack surface: https://github.com/go-acme/lego/blob/master/go.sum
-
Running one’s own root Certificate Authority in 2023
This ACME client looks promising, but I haven’t tried it yet: https://github.com/go-acme/lego
-
I am once again asking that "web" and "fullstack" developers...
My favorite method of obtaining certificates is with lets encrypt and LEGO
-
Where do you get/setup certificates from for your https/ssl?
Caddy where possible, and acme.sh or lego where not.
- Anyone using WireGuard with a domain name? Any ideas to lower the bills?
- Acme.sh runs arbitrary commands from a remote server
-
How do you renew SSL certificates?
Depend on host's capability... - lego - dehydrated - caddy - in case it already works as a web server, it will automatically issue and renew certs
- Automating LE renewals with dns-01?
-
LeGo CertHub v0.9.0 with Docker Support
u/gregtwallace maybe in the short term until you write your own, you could provide a hook into one of the many ACME client implementations which do DNS-01 and support the majority of major DNS provider APIs out of the box? That would make your (really great!) project much more widely usable.
- Searching for a solution to get letsencrypt and traefik working for my local nas
cfssl
Posts with mentions or reviews of cfssl.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-09-16.
- Running one’s own root Certificate Authority in 2023
- Selfhosted CA tutorial
-
i must be the only guy that understands certificates
cfssl is kinda outright better version of that.
-
SSL certificate problem: unhandled critical extension
The Cloudflare SSL tools at https://github.com/cloudflare/cfssl might help. Here's what it shows for one of the example Snake Oil certs:
-
Private CA management
I've used this in the past and it worked great. https://github.com/cloudflare/cfssl
- Linux Certificate Authority root stores have a too simple view of 'trust'
- Creating an internal Certificate Authority in 2022 that is accepted by modern web browsers.
-
How to create users in Kubernetes
The first step is to create the source key that represents our user. This key is created using a tool like openssl but another popular tool to use is cfssl, created by Cloudflare. Some folks think cfssl is easier to use, and it definitely looks easier to script. But for this example we will use openssl. You can also choose to create the key using a number of different algorithms. For this example we will use ED25519.
-
[Legal notice] IoT Core will be discontinued on Aug. 16, 2023
TLS/SSL worked well with client certificates generated by the CFSSL API.
-
Feedback on a Self-signed SSL CA?
Not sure if relevant but we used tooling from CloudFlare in the past: https://github.com/cloudflare/cfssl
What are some alternatives?
When comparing lego and cfssl you can also consider the following projects:
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
OpenSSL - TLS/SSL and crypto library
acme.sh - A pure Unix shell script implementing ACME client protocol
easy-rsa - easy-rsa - Simple shell based CA utility
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
LetsEncrypt-PRTG - Post request script to install an SSL certificate obtained with Certify the Web or win-acme in PRTG.
autocert - [mirror] Go supplementary cryptography libraries
acmetool - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
ACL - A simple but powerful Access Control List manager