Go Letsencrypt

Open-source Go projects categorized as Letsencrypt

Top 23 Go Letsencrypt Projects

  • traefik

    The Cloud Native Application Proxy

    Project mention: Deploying Web Apps with Caddy: A Beginner's Guide Caddy | news.ycombinator.com | 2024-02-27

    Not as good though. Case in point: https://github.com/traefik/traefik/issues/5472#issuecomment-... (that's just from this morning)

    I'm speak objectively here. Of course, any built-in auto HTTPS that works (more or less) is better than none. Traefik uses an ACME library that was originally written for Caddy. After the original author left that project, Traefik team started maintaining it. Caddy's users' requirements exceeded what the library was capable of, but unfortunately there was friction in getting it to achieve our requirements. So I ended up writing a new ACME client library in Go and, together with upgrades in CertMagic (Caddy's auto-TLS lib), Caddy has the more flexible, robust, and capable auto-HTTPS functionality.

    That is to say, not all auto-HTTPS functionalities are the same.

  • Echo

    High performance, minimalist Go web framework

    Project mention: Go + Hypermedia - A Learning Journey (Part 1) | dev.to | 2024-02-23

    Echo - web framework for Go

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • cert-manager

    Automatically provision and manage TLS certificates in Kubernetes

    Project mention: Importing kubernetes manifests with terraform for cert-manager | dev.to | 2024-01-17

    terraform { required_providers { kubectl = { source = "gavinbunney/kubectl" version = "1.14.0" } } } # The reference to the current project or a AWS project data "google_client_config" "provider" {} # The reference to the current cluster or EKS data "google_container_cluster" "my_cluster" { name = var.cluster_name location = var.cluster_location } # We configure the kubectl provider to use those values for authenticating provider "kubectl" { host = data.google_container_cluster.my_cluster.endpoint token = data.google_client_config.provider.access_token cluster_ca_certificate = base64decode(data.google_container_cluster.my_cluster.master_auth[0].cluster_ca_certificate) } #Download the multiple manifests file. data "http" "cert_manager_crds" { url = "https://github.com/cert-manager/cert-manager/releases/download/v${var.cert_manager_version}/cert-manager.crds.yaml" } data "kubectl_file_documents" "cert_manager_crds" { content = data.http.cert_manager_crds.response_body lifecycle { precondition { condition = 200 == data.http.cert_manager_crds.status_code error_message = "Status code invalid" } } } # We use the for_each or else this kubectl_manifest will only import the first manifest in the file. resource "kubectl_manifest" "cert_manager_crds" { for_each = data.kubectl_file_documents.cert_manager_crds.manifests yaml_body = each.value }

  • lego

    Let's Encrypt/ACME client and library written in Go

    Project mention: Running one’s own root Certificate Authority in 2023 | news.ycombinator.com | 2023-09-16

    This ACME client looks promising, but I haven’t tried it yet: https://github.com/go-acme/lego

  • Miniflux

    Minimalist and opinionated feed reader

    Project mention: First-Gen Social Media Users Have Nowhere to Go | news.ycombinator.com | 2024-02-05

    I see this all the time and while at the time I thought the same there's so many good alternatives these days, even better than back then. All the interesting and small websites I want to follow still have RSS feeds so I feel like we can move on.

    The two I use for many years already are:

    - https://miniflux.app (OS, Minimal, web interface and can be used with all clients that support Fever or Google Reader API)

    - https://reederapp.com

  • certmagic

    Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

    Project mention: Show HN: Clace – Platform for secure internal web applications | news.ycombinator.com | 2023-10-18
  • acmetool

    :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • acme-dns

    Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.

    Project mention: Subdomain.center – discover all subdomains for a domain | news.ycombinator.com | 2023-09-15

    Getting a wildcard certificate from LE might be a better option, depending on how easy the extra bit of if plumbing is with your lab setup.

    You need to use DNS based domain identification, and once you have a cert distribute it to all your services. The former can be automated using various common tools (look at https://github.com/joohoi/acme-dns, self-hosted unless you are only securing toys you don't really care about, if you self host DNS or your registrar doesn't have useful API access) or you can leave that as an every ~ten weeks manual job, the latter involves scripts to update you various services when a new certificate is available (either pushing from where you receive the certificate or picking up from elsewhere). I have a little VM that holds the couple of wildcard certificates (renewing them via DNS01 and acmedns on a separate machine so this one is impossible to see from the outside world), it pushes the new key and certificate out to other hosts (simple SSH to copy over then restart nginx/Apache/other).

    Of course you may decide that the shin if your own CA is easier than setting all this up, as you can sign long lived certificates for yourself. I prefer this because I don't need to switch to something else if I decide to give friends/others access to something.

  • gobetween

    :cloud: Modern & minimalistic load balancer for the Сloud era

  • Armor

    Uncomplicated, modern HTTP server

  • ssl-proxy

    :lock: Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)

  • autotls

    Support Let's Encrypt for a Go server application.

  • labca

    A private Certificate Authority for internal (lab) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).

    Project mention: Any tool can do Let’s Encrypt PKI/CA but for internal systems (no public DNS) ? | /r/selfhosted | 2023-04-10
  • s3www

    Serve static files from any S3 compatible object storage services (Let's Encrypt ready)

  • letsdebug

    Diagnostic tool/website to help figure out why you can't issue a certificate for Let's Encrypt

    Project mention: Need help installing and securing on Ubuntu VPC | /r/MeshCentral | 2023-12-09

    { "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json", "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section an> "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.", "settings": { "cert": "mydomain.duckdns.org", "WANonly": true, "_LANonly": true, "_sessionKey": "MyReallySecretPassword1", "port": 443, "aliasPort": 443, "redirPort": 80, "redirAliasPort": 80 }, "domains": { "": { "title": "MyServer", "_title2": "Servername", "_minify": true, "_newAccounts": true, "userNameIsEmail": true } }, "_letsencrypt": { "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.", "email": "[email protected]", "names": "domain.duckdns.org", "skipChallengeVerification": true, "production": false } }

  • certmaster

    Automatically renew certs and install to destinations

    Project mention: Why Certificate Lifecycle Automation Matters | news.ycombinator.com | 2024-01-30

    Shameless plug: I've built a tool that automatically generates certs and uploads to destinations. https://github.com/poundifdef/certmaster

    It uses Lego under the hood to issue certs, and then has custom connectors to upload to destinations. Right now those are email, sftp, and hetzner load balancers.

    I'm working on adding the ability for it to automatically renew and re-upload when certs are 30 days from expiration.

  • roxy

    Roxy the Frontend Proxy

  • syno-cli

    Synology unofficial API CLI and library

  • eclaire

    lightning-fast static site webserver with automatic HTTPS right out of the box! (by donuts-are-good)

  • certificator

    A tool that requests certificates from ACME supporting CA, solves DNS challenges, and stores retrieved certificates in Vault.

  • https-forward

    A forwarding HTTPS server using Let's Encrypt

  • devops

    This code will setup a new FREE VM on google cloud with postgres, a load balancer, and a web app that can query from the postgres running on localhost. (by andrewarrow)

    Project mention: Setup a free Google Cloud (e2-micro) VM with psql and a webapp | /r/programming | 2023-07-06
  • agent

    R2 server tools agent (by r2dtools)

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-02-27.

Go Letsencrypt related posts


What are some of the best open-source Letsencrypt projects in Go? This list will help you:

Project Stars
1 traefik 47,008
2 Echo 28,022
3 cert-manager 11,257
4 lego 7,126
5 Miniflux 5,904
6 certmagic 4,753
7 acmetool 2,019
8 acme-dns 1,927
9 gobetween 1,888
10 Armor 1,661
11 ssl-proxy 699
12 autotls 358
13 labca 266
14 s3www 143
15 letsdebug 120
16 certmaster 69
17 roxy 50
18 syno-cli 32
19 eclaire 13
20 certificator 12
21 https-forward 11
22 devops 11
23 agent 2
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives