Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more โ
Top 23 Letsencrypt Open-Source Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
letsencrypt
Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
-
full-stack-fastapi-template
Full stack, modern web application template. Using FastAPI, React, SQLModel, PostgreSQL, Docker, GitHub Actions, automatic HTTPS and more.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
getssl
obtain free SSL certificates from letsencrypt ACME server Suitable for automating the process on remote servers.
-
acme-dns
Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
-
lua-resty-auto-ssl
On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
-
certify
Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:
Project mention: Dehydrated: Letsencrypt/acme client implemented as a shell-script | news.ycombinator.com | 2024-04-19A very relevant question. Acme.sh, a similar shell script ACME client, had a remote code execution problem last year.
https://github.com/acmesh-official/acme.sh/issues/4668
Echo - web framework for Go
Project mention: Building a Secure API with FastAPI, PostgreSQL, and Hanko Authentication | dev.to | 2023-10-30This project is a modification of the authentication flow of the awesome repository made by tiangolo at full-stack-fastapi-postgresql
cert-manager
Project mention: Wireguard (docker-compose) has stopped being able to connect to the internet. | /r/WireGuard | 2023-07-10My hunch is that because I decided to include the acme-companion image in this nginx setup, that maybe it has something to do with the SSL certs? The only other thing I could think of is that I had to combine the networks in order for nginx-proxy and Sonarr both to be able to see my transmission instance via:
Project mention: Dehydrated: Letsencrypt/acme client implemented as a shell-script | news.ycombinator.com | 2024-04-19Self contained but hardly a tiny supply chain attack surface: https://github.com/go-acme/lego/blob/master/go.sum
Project mention: Show HN: OpenOrb, a curated search engine for Atom and RSS feeds | news.ycombinator.com | 2024-04-22https://github.com/miniflux/v2 in case anyone else was also wondering
Project mention: Dehydrated: Letsencrypt/acme client implemented as a shell-script | news.ycombinator.com | 2024-04-19From this commit:
https://github.com/dehydrated-io/dehydrated/commit/b116e6bc2...
Project mention: Roundcube and docker-mailserver (Docker Mailserver) on the same VPS | /r/selfhosted | 2023-12-06Consider installing Mailu instead, which is a single Docker container with a full mail server and Roundcube on top. Very easy to install.
Project mention: Show HN: Clace โ Platform for secure internal web applications | news.ycombinator.com | 2023-10-18
Project mention: BunkerWeb: Nginx-based open-source Web Application Firewall (WAF) | news.ycombinator.com | 2024-01-09
I use this repo as a reverse proxy: https://github.com/evertramos/nginx-proxy-automation/tree/main/docs
A 'competitor' to this would be GetSSL which is a pure-shell ACME client (plus OpenSSL and cURL) and can be executed on one host, but send verification tokens to remote systems (where you may not have cron access):
> Get certificates for remote servers - The tokens used to provide validation of domain ownership, and the certificates themselves can be automatically copied to remote servers (via ssh, sftp or ftp for tokens). The script doesn't need to run on the server itself. This can be useful if you don't have access to run such scripts on the server itself, as it's a shared server for example.
* https://github.com/srvrco/getssl
Project mention: Subdomain.center โ discover all subdomains for a domain | news.ycombinator.com | 2023-09-15Getting a wildcard certificate from LE might be a better option, depending on how easy the extra bit of if plumbing is with your lab setup.
You need to use DNS based domain identification, and once you have a cert distribute it to all your services. The former can be automated using various common tools (look at https://github.com/joohoi/acme-dns, self-hosted unless you are only securing toys you don't really care about, if you self host DNS or your registrar doesn't have useful API access) or you can leave that as an every ~ten weeks manual job, the latter involves scripts to update you various services when a new certificate is available (either pushing from where you receive the certificate or picking up from elsewhere). I have a little VM that holds the couple of wildcard certificates (renewing them via DNS01 and acmedns on a separate machine so this one is impossible to see from the outside world), it pushes the new key and certificate out to other hosts (simple SSH to copy over then restart nginx/Apache/other).
Of course you may decide that the shin if your own CA is easier than setting all this up, as you can sign long lived certificates for yourself. I prefer this because I don't need to switch to something else if I decide to give friends/others access to something.
Project mention: Seeking Guidance: SSL Certification for a Local Server in Windows 2019 Data Center Environment | /r/sysadmin | 2023-05-23Option 2+: If your public DNS is hosted by a provider that has Win-ACME or Certify the Web support, use Let's Encrypt and automate the whole thing.
Letsencrypt related posts
- Dehydrated: Letsencrypt/acme client implemented as a shell-script
- How to Build Email Server with Exim on Alma Linux 9
- Ask HN: What should a Alternative to LetsEncrypt offer
- deploying a minio service to kubernetes
- Setting Up a Kubernetes Cluster on AWS EKS With Eksctl and Deploying an App
- Run WebAssembly on DigitalOcean Kubernetes with SpinKube - In 4 Easy Steps
- Ask HN: What is your experience with ZeroSSL?
-
A note from our sponsor - InfluxDB
www.influxdata.com | 23 Apr 2024
Index
What are some of the best open-source Letsencrypt projects? This list will help you:
Project | Stars | |
---|---|---|
1 | traefik | 47,726 |
2 | acme.sh | 36,360 |
3 | letsencrypt | 30,817 |
4 | Echo | 28,466 |
5 | nginxconfig.io | 27,057 |
6 | full-stack-fastapi-template | 22,704 |
7 | cert-manager | 11,429 |
8 | acme-companion | 7,261 |
9 | lego | 7,241 |
10 | Miniflux | 6,228 |
11 | dehydrated | 5,886 |
12 | Mailu | 5,400 |
13 | win-acme | 5,028 |
14 | certmagic | 4,812 |
15 | BunkerWeb | 3,422 |
16 | nginx-proxy-automation | 2,611 |
17 | getssl | 2,035 |
18 | acmetool | 2,021 |
19 | acme-dns | 1,960 |
20 | lua-resty-auto-ssl | 1,921 |
21 | gobetween | 1,888 |
22 | Armor | 1,664 |
23 | certify | 1,448 |
Sponsored