Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 17 Go ACME Projects
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
labca
A private Certificate Authority for internal (lab) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).
-
letsdebug
Diagnostic tool/website to help figure out why you can't issue a certificate for Let's Encrypt
-
certificator
A tool that requests certificates from ACME supporting CA, solves DNS challenges, and stores retrieved certificates in Vault.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:
Project mention: Dehydrated: Letsencrypt/acme client implemented as a shell-script | news.ycombinator.com | 2024-04-19Self contained but hardly a tiny supply chain attack surface: https://github.com/go-acme/lego/blob/master/go.sum
You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.
Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.
There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.
Project mention: Show HN: Clace – Platform for secure internal web applications | news.ycombinator.com | 2023-10-18
esc = select the last "stuff" just typed
The fact you can create your own "buttons" that do basically anything is pretty nice, but you REALLY want a 3 button pointing device to use it. It also doesn't care about the programming language you use to create such a button, but you will work with the filesystem metaphor provided by Acme itself to get things done.
I find the mouse interface is extremely fast, and when you couple it with the power of the plumber in Plan 9, it's a reasonably good way to navigate around a complex workflow.
It's also a reasonably small environment in terms of lines of code. The Go version (Edwood) is pretty good too! https://github.com/rjkroege/edwood
Project mention: Linux Networking Shallow Dive: WireGuard, Routing, TCP/IP and Nat | news.ycombinator.com | 2023-05-23Or instead you can have HTTP proxy over TLS in just four steps: https://github.com/Snawoot/dumbproxy/wiki/Quick-deployment
You don't even need a client for this, any modern browser can work with it right away: https://github.com/Snawoot/dumbproxy#using-http-over-tls-pro...
{ "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json", "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section an> "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.", "settings": { "cert": "mydomain.duckdns.org", "WANonly": true, "_LANonly": true, "_sessionKey": "MyReallySecretPassword1", "port": 443, "aliasPort": 443, "redirPort": 80, "redirAliasPort": 80 }, "domains": { "": { "title": "MyServer", "_title2": "Servername", "_minify": true, "_newAccounts": true, "userNameIsEmail": true } }, "_letsencrypt": { "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.", "email": "[email protected]", "names": "domain.duckdns.org", "skipChallengeVerification": true, "production": false } }
Project mention: ☸️ Managed Kubernetes : Our dev is on AWS, our prod is on OVH | dev.to | 2023-07-01OVH Webhook for Cert Manager
There are some forks (or reimplementations) of acme that have more keybindings, allowing you to avoid mouse cording. Here are a couple that I like:
https://github.com/karahobny/acme2k
https://github.com/aarzilli/yacco
HTH
Go ACME related posts
- Need help installing and securing on Ubuntu VPC
- Running one’s own root Certificate Authority in 2023
- Caddy is the first and only web server to use HTTPS automatically and by default
- I am once again asking that "web" and "fullstack" developers...
- Let's Debug
- Where do you get/setup certificates from for your https/ssl?
- ☸️ Managed Kubernetes : Our dev is on AWS, our prod is on OVH
-
A note from our sponsor - InfluxDB
www.influxdata.com | 24 Apr 2024
Index
What are some of the best open-source ACME projects in Go? This list will help you:
Project | Stars | |
---|---|---|
1 | Caddy | 53,568 |
2 | lego | 7,241 |
3 | certificates | 6,131 |
4 | boulder | 4,967 |
5 | certmagic | 4,812 |
6 | acmetool | 2,021 |
7 | traefik-certs-dumper | 423 |
8 | edwood | 371 |
9 | dumbproxy | 370 |
10 | labca | 280 |
11 | acmez | 247 |
12 | letsdebug | 125 |
13 | cert-manager-webhook-ovh | 84 |
14 | yacco | 33 |
15 | sslmgr | 25 |
16 | certificator | 12 |
17 | acmecrystal | 6 |
Sponsored