Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 ACME Open-Source Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
letsencrypt
Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
-
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
getssl
obtain free SSL certificates from letsencrypt ACME server Suitable for automating the process on remote servers.
-
certify
Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
-
docker-nginx-certbot
Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
-
Posh-ACME
PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)
-
narrowlink
A self-hosted solution to enable secure connectivity between devices across restricted networks like NAT or firewalls
-
Crypt-LE
Crypt::LE - Let's Encrypt / Buypass / ZeroSSL and other ACME-servers client and library in Perl for obtaining free SSL certificates (inc. generating RSA/ECC keys and CSRs). HTTP/DNS verification is supported out of the box, EAB (External Account Binding) supported, easily extended with plugins, easily dockerized.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:
As a result, any certificates issued (or renewed) after Feb 8th will not work on older Android devices (< 7.1.1), unless the ACME client has been configure to request an alternate certificate chain. The "alternate chain" workaround will also stop working on June 6th.
I need to support these older Android devices so I am looking for alternatives. I have seen ZeroSSL mentioned a few times; it is also the default CA for acme.sh (the ACME client I am using nowadays) [2]. They have a number of paid plans but ACME certificates are free [3].
I'll be testing this over the next few days, but I would also like to ask if people here have experience with ZeroSSL (good or bad :-). Any feedback would be helpful.
[1]: https://letsencrypt.org/2023/07/10/cross-sign-expiration.html
[2]: https://github.com/acmesh-official/acme.sh
[3]: https://zerossl.com/documentation/acme/
I've been running mailcow [1] on a Hetzner cloud server for a few years and am pretty happy with it.
Project mention: Wireguard (docker-compose) has stopped being able to connect to the internet. | /r/WireGuard | 2023-07-10My hunch is that because I decided to include the acme-companion image in this nginx setup, that maybe it has something to do with the SSL certs? The only other thing I could think of is that I had to combine the networks in order for nginx-proxy and Sonarr both to be able to see my transmission instance via:
Project mention: Running one’s own root Certificate Authority in 2023 | news.ycombinator.com | 2023-09-16This ACME client looks promising, but I haven’t tried it yet: https://github.com/go-acme/lego
You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.
Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.
Project mention: Running one’s own root Certificate Authority in 2023 | news.ycombinator.com | 2023-09-16I've had a lot of success with https://github.com/dehydrated-io/dehydrated . It exposes the different parts of the process (deploy challenge to DNS, deploy cert to filesystem, etc) as hooks, so it's pretty easy to integrate with anything and however you want, if you don't mind writing a bit of bash. There's a few scripts out there that use Cloudflare that you can use as well.
There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.
Project mention: Show HN: Clace – Platform for secure internal web applications | news.ycombinator.com | 2023-10-18
A 'competitor' to this would be GetSSL which is a pure-shell ACME client (plus OpenSSL and cURL) and can be executed on one host, but send verification tokens to remote systems (where you may not have cron access):
> Get certificates for remote servers - The tokens used to provide validation of domain ownership, and the certificates themselves can be automatically copied to remote servers (via ssh, sftp or ftp for tokens). The script doesn't need to run on the server itself. This can be useful if you don't have access to run such scripts on the server itself, as it's a shared server for example.
Project mention: Seeking Guidance: SSL Certification for a Local Server in Windows 2019 Data Center Environment | /r/sysadmin | 2023-05-23Option 2+: If your public DNS is hosted by a provider that has Win-ACME or Certify the Web support, use Let's Encrypt and automate the whole thing.
Project mention: Setting Up a Kubernetes Cluster on AWS EKS With Eksctl and Deploying an App | dev.to | 2024-03-30cert-manager is a CRD (Custom Resource Definition) that dynamically generates TLS/SSL certificates for our applications using Let's Encrypt (although it also supports other issuers).
esc = select the last "stuff" just typed
The fact you can create your own "buttons" that do basically anything is pretty nice, but you REALLY want a 3 button pointing device to use it. It also doesn't care about the programming language you use to create such a button, but you will work with the filesystem metaphor provided by Acme itself to get things done.
I find the mouse interface is extremely fast, and when you couple it with the power of the plumber in Plan 9, it's a reasonably good way to navigate around a complex workflow.
It's also a reasonably small environment in terms of lines of code. The Go version (Edwood) is pretty good too! https://github.com/rjkroege/edwood
Project mention: Linux Networking Shallow Dive: WireGuard, Routing, TCP/IP and Nat | news.ycombinator.com | 2023-05-23Or instead you can have HTTP proxy over TLS in just four steps: https://github.com/Snawoot/dumbproxy/wiki/Quick-deployment
You don't even need a client for this, any modern browser can work with it right away: https://github.com/Snawoot/dumbproxy#using-http-over-tls-pro...
ACME related posts
- Ask HN: What should a Alternative to LetsEncrypt offer
- Setting Up a Kubernetes Cluster on AWS EKS With Eksctl and Deploying an App
- Ask HN: What is your experience with ZeroSSL?
- Narrowlink 0.2.4 Just Released
- Why Certificate Lifecycle Automation Matters
- AWS Lightsail Java Server Setup Memo
- The Bureau of Meteorology website does not support connections via HTTPS
-
A note from our sponsor - InfluxDB
www.influxdata.com | 19 Apr 2024
Index
What are some of the best open-source ACME projects? This list will help you:
Project | Stars | |
---|---|---|
1 | Caddy | 53,568 |
2 | acme.sh | 36,360 |
3 | letsencrypt | 30,786 |
4 | Mailcow | 7,891 |
5 | acme-companion | 7,250 |
6 | lego | 7,241 |
7 | certificates | 6,131 |
8 | dehydrated | 5,717 |
9 | win-acme | 5,028 |
10 | boulder | 4,964 |
11 | certmagic | 4,798 |
12 | getssl | 2,035 |
13 | acmetool | 2,021 |
14 | LettuceEncrypt | 1,506 |
15 | certify | 1,448 |
16 | docker-nginx-certbot | 849 |
17 | website | 818 |
18 | Posh-ACME | 719 |
19 | narrowlink | 517 |
20 | traefik-certs-dumper | 423 |
21 | edwood | 371 |
22 | dumbproxy | 369 |
23 | Crypt-LE | 348 |