Just want simple TLS for your .internal network?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • internal-contstrained-pki

    Safely shareable TLS root CA for .internal networks using Name Constraints

  • CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo
  • mkcert

    A simple zero-config tool to make locally trusted development certificates with any names you'd like.

    mkcert might be getting this as well: https://github.com/FiloSottile/mkcert/pull/309/commits/92215... (this is linked from the current submission's readme)

  • cert-manager

    Automatically provision and manage TLS certificates in Kubernetes

  • Caddy

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

    Not OP but I have a couple of implementations: one using caddyserver[0] as a reverse proxy in a docker-compose set up, and the other is a Kubernetes cluster using cert-manager[1].

    [0] https://caddyserver.com/

  • bettertls

    BetterTLS: A Name Constraints test suite for HTTPS clients.

    A word of warning, client side support of name constraints may still be incomplete. I know it works on modern Firefox and Chrome, but there's lots of other software that uses HTTPS.

    This repo links to BetterTLS, which previously audited name constraint support, but BetterTLS only checked name constraint support at the intermediary certificates not at the trust anchors. I reported[1] the oversight a year back, but Netflix hasn't re-engineered the tests.

    Knowing how widely adopted name constraints are on the client side would be really useful, but I haven't seen a caniuse style analysis.

    Personally, I think the public CA route is better and I built a site that explores this[2].

    [1] https://github.com/Netflix/bettertls/issues/19

    [2] https://www.getlocalcert.net/

  • acme.sh

    A pure Unix shell script implementing ACME client protocol

    I use Dynu.com as my DNS provider (they're cheap, provide APIs and very fast to update which is great for home IP addresses that may change). Then, to get the certificates, I use https://github.com/acmesh-official/acme.sh which is a shell script. Copying the certificates to the relevant machines is done by a BASH script that runs the relevant acme.sh commands.

  • Invidious

    Invidious is an alternative front-end to YouTube

    I'm looking for an answer to that. https://invidious.io/ looks like what I want, but I haven't tried it to see.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • certificates

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

    How does this compare with smallstep step-ca certificates?

    https://github.com/smallstep/certificates

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Special-Use Domain 'Home.arpa.'

    1 project | news.ycombinator.com | 4 Jun 2024
  • Running one’s own root Certificate Authority in 2023

    12 projects | news.ycombinator.com | 16 Sep 2023
  • I am once again asking that "web" and "fullstack" developers...

    1 project | /r/sysadmin | 30 Aug 2023
  • Where do you get/setup certificates from for your https/ssl?

    3 projects | /r/oraclecloud | 7 Jul 2023
  • Distributing ACME Let'sEncrypt certs for homelab

    1 project | /r/homelab | 5 Jul 2023

Did you konow that Go is
the 4th most popular programming language
based on number of metions?