certmagic - Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

  •        39

CertMagic is the most mature, robust, and capable ACME client integration for Go. With CertMagic, you can add one line to your Go application to serve securely over TLS, without ever having to touch certificates.

https://godoc.org/github.com/mholt/certmagic
https://github.com/mholt/certmagic

Tags
Implementation
License
Platform

   




Related Projects

acme - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

  •    Go

acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly integrate into your webserver setup to enable automatic verification. Unlike the official Let's Encrypt client, this doesn't modify your web server configuration.You can perform verifications using port 80 or 443 (if you don't yet have a server running on one of them); via webroot; by configuring your webserver to proxy requests for /.well-known/acme-challenge/ to a special port (402) which acmetool can listen on; or by configuring your webserver not to listen on port 80, and instead running acmetool's built in HTTPS redirector (and challenge responder) on port 80. This is useful if all you want to do with port 80 is redirect people to port 443.

dokku-letsencrypt - BETA: Automatic Let's Encrypt TLS Certificate installation for dokku

  •    Shell

dokku-letsencrypt is the official plugin for dokku that gives the ability to automatically retrieve and install TLS certificates from letsencrypt.org. During ACME validation, your app will stay available at any time.Note: Your app must already be deployed and accessible in the browser in order to add letsencrypt to your app. Your app just being created is not enough. If you need to, add a temporary certificate to your app prior to adding letsencrypt by running dokku certs:generate <app> DOMAIN to make your app accessible.

kube-cert-manager - Manage Lets Encrypt certificates for a Kubernetes cluster.

  •    Go

This project is loosely based on https://github.com/kelseyhightower/kube-cert-manager It took over most of its documentation, license, as well as the general approach to how things work. The code itself however, was entirely reimplemented to use xenolf/lego as the basis, instead of reimplementing an ACME client and DNS plugins.

rancher-letsencrypt - :cow: Rancher service that obtains and manages free SSL certificates from the Let's Encrypt CA

  •    Go

A Rancher service that obtains free SSL/TLS certificates from the Let's Encrypt CA, adds them to Rancher's certificate store and manages renewal and propagation of updated certificates to load balancers. If using the HTTP challenge, a reverse proxy that routes example.com/.well-known/acme-challenge to rancher-letsencrypt.


certbot - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server

  •    Python

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free, so there’s no need to arrange payment.

pem - Create private keys and certificates with node.js

  •    Javascript

Here are some examples for creating an SSL key/cert on the fly, and running an HTTPS server on port 443. 443 is the standard HTTPS port, but requires root permissions on most systems. To get around this, you could use a higher port number, like 4300, and use https://localhost:4300 to access your server. Please have a look into the API documentation.

acme-client - Let's Encrypt / ACME client written in PHP for the CLI.

  •    PHP

kelunik/acme-client is an ACME client written in PHP. ACME is the protocol that powers the Let's Encrypt certificate authority.

Caddy - Fast, cross-platform HTTP/2 web server with automatic HTTPS

  •    Go

Caddy is a general-purpose HTTP/2 web server that serves HTTPS by default. Caddy is fast, easy to use, and makes you more productive.

acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely

  •    Go

A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. Many DNS servers do not provide an API to enable automation for the ACME DNS challenges. Those which do, give the keys way too much power. Leaving the keys laying around your random boxes is too often a requirement to have a meaningful process automation.

ansible-letsencrypt - An ansible role to generate TLS certificates and get them signed by Let's Encrypt

  •    

An ansible role to generate TLS certificates and get them signed by Let's Encrypt. Currently attempts first to use the webroot authenticator, then if that fails to create certificates, it will use the standalone authenticator. This is handy for generating certs on a fresh machine before the web server has been configured or even installed.

forge - A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

  •    Javascript

A native implementation of TLS (and various other cryptographic tools) in JavaScript. The Forge software is a fully native implementation of the TLS protocol in JavaScript, a set of cryptography utilities, and a set of tools for developing Web Apps that utilize many network resources.

auto-sni - 🔐 Free, automated HTTPS for NodeJS made easy.

  •    Javascript

If you have any questions, throw them up on gitter. AutoSNI requires access to low level ports 80 (http) and 443 (https) to operate by default. These ports are typically restricted by the operating system.

cert-manager - Automatically provision and manage TLS certificates in Kubernetes

  •    Go

cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.

boulder - An ACME-based CA, written in Go.

  •    Go

This is an implementation of an ACME-based CA. The ACME protocol allows the CA to automatically verify that an applicant for a certificate actually controls an identifier, and allows domain holders to issue and revoke certificates for their domains.Boulder has a Dockerfile to make it easy to install and set up all its dependencies. This is how the maintainers work on Boulder, and is our main recommended way to run it.

certify - SSL Certificate Manager UI for Windows, powered by Let's Encrypt

  •    CSharp

The SSL/TLS Certificate Management GUI for Windows, powered by Let's Encrypt, allowing you to generate and install free SSL certificates for Windows/IIS (with automated renewal). Advanced users can explore the different validation modes, deployment modes and other advanced options.

certificates - 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere

  •    Go

An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. For more information and docs see the Step website and the blog post announcing Step Certificate Authority.

Nogotofail - Network Security Testing Tool

  •    Python

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

hyperfox - HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation.

  •    Go

Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN. Hyperfox is capable of forging SSL certificates on the fly if you provide it with a root CA certificate and its corresponding key. If the target machine recognizes the root CA as trusted, then HTTPs traffic can be successfully decrypted, intercepted and recorded.