{"id":13824681,"url":"https://github.com/bradfitz/autocertdelegate","last_synced_at":"2025-06-16T12:38:18.007Z","repository":{"id":57503816,"uuid":"230041186","full_name":"bradfitz/autocertdelegate","owner":"bradfitz","description":"Get LetsEncrypt TLS certs for internal-only TLS servers via a delegated golang.org/x/crypto/acme/autocert server.","archived":false,"fork":false,"pushed_at":"2020-03-06T23:21:12.000Z","size":7,"stargazers_count":247,"open_issues_count":2,"forks_count":18,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-05-09T01:44:34.725Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bradfitz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-12-25T04:28:47.000Z","updated_at":"2025-04-20T19:59:04.000Z","dependencies_parsed_at":"2022-08-28T02:01:02.349Z","dependency_job_id":null,"html_url":"https://github.com/bradfitz/autocertdelegate","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bradfitz/autocertdelegate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fautocertdelegate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fautocertdelegate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fautocertdelegate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fautocertdelegate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bradfitz","download_url":"https://codeload.github.com/bradfitz/autocertdelegate/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradfitz%2Fautocertdelegate/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260163194,"owners_count":22968215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T09:01:07.221Z","updated_at":"2025-06-16T12:38:17.980Z","avatar_url":"https://github.com/bradfitz.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# autocertdelegate\n\n## What\n\n[I wanted](https://twitter.com/bradfitz/status/1206058552357355520)\ninternal HTTPS servers to have valid TLS certs with minimal fuss.\n\nIn particular:\n\n* I didn't want to deal with being my own CA or configuring all my\n  devices to trust a new root.\n* I didn't want to use LetsEncrypt DNS challenges because there are\n  tons of DNS providers and I don't want API clients for tons of DNS\n  providers and I don't want to configure secrets (or anything)\n  anywhere.\n* I don't want to expose my internal services to the internet or deal\n  with updating firewall rules to only allow LetsEncrypt.\n\n## How\n\nSee https://godoc.org/github.com/bradfitz/autocertdelegate\n\nIt provides a client that plugs in to an http.Server to get certs \u0026 a\nserver handler for a public-facing server that does the LetsEncrypt\nALPN challenges. You then do split-horizon DNS to give out internal\nIPs to internal clients and a public IP (of the delegate server) to\neverybody else (namely LetsEncrypt doing the ALPN challenges).\n\nThen internal clients just ask the delegate server for the certs, and\nthe delegate server does a little challenge itself to test the\ninternal clients.\n\n## Is it secure?\n\nI built this for my own use on my home network.\nMaybe you'll find it useful, but maybe you'll find it insecure.\nBeauty is in the eye of the downloader.\n\n## Contributing\n\nI'm releasing as a Go project under the Go AUTHORs/LICENSEs, as it's\nrelated to golang.org/x/crypto/acme/autocert. As such, I'm not\naccepting any PRs unless you've contributed to Go or otherwise done\nthe Google CLA.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbradfitz%2Fautocertdelegate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbradfitz%2Fautocertdelegate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbradfitz%2Fautocertdelegate/lists"}