{"id":25649797,"url":"https://github.com/openchami/local-ca","last_synced_at":"2026-06-17T22:31:03.396Z","repository":{"id":224629730,"uuid":"763788428","full_name":"OpenCHAMI/local-ca","owner":"OpenCHAMI","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-25T19:27:39.000Z","size":29,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-26T19:44:32.606Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpenCHAMI.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-02-26T23:18:32.000Z","updated_at":"2026-03-25T19:26:31.000Z","dependencies_parsed_at":"2024-02-27T00:32:04.773Z","dependency_job_id":"a4f15064-f85e-417d-a317-72557cf2ff5a","html_url":"https://github.com/OpenCHAMI/local-ca","commit_stats":null,"previous_names":["openchami/local-ca"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/OpenCHAMI/local-ca","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenCHAMI%2Flocal-ca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenCHAMI%2Flocal-ca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenCHAMI%2Flocal-ca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenCHAMI%2Flocal-ca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpenCHAMI","download_url":"https://codeload.github.com/OpenCHAMI/local-ca/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenCHAMI%2Flocal-ca/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34468766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-17T02:00:05.408Z","response_time":127,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-23T14:33:55.288Z","updated_at":"2026-06-17T22:31:03.381Z","avatar_url":"https://github.com/OpenCHAMI.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Local ACME Certificate authority\n\nThis repo builds a container that can be used in a docker-compose environment to create a disposable CA and issue/update certificates using certbot.\n\nIt is heavily informed by the smallstep authors via https://github.com/smallstep/certificates/blob/master/docker/entrypoint.sh\n\n## Accessing the root cert\n\nThe easiest way to obtain the cert for use validating other certs within the environment is to download the pem from the smallstep ca at the well known url: `https://step-ca:9000/roots.pem`.\n\nThe next easiest way to obtain the cert is through mounting a docker volume which contains the certificate.  See the docker-compose example below or follow the OpenCHAMI quickstart.\n\n\n## Docker Compose Usage\n\nThis container can be used with docker compose following this example:\n\n```\n  step-ca:\n    container_name: step-ca\n    hostname: step-ca\n    image: ghcr.io/openchami/local-ca:v0.1.0\n    ports: \n      - \"9000:9000\"\n    networks:\n      - openchami-certs\n    volumes:\n      - ./configs/step-ca/:/home/step\n      # Keeping the database in a volume improves performance.  I don't understand why.\n      - step-ca-db:/home/step/db\n      # Keeping the root CA in a volume allows us to back it up and restore it.\n      - step-root-ca:/root_ca/\n    environment:\n      # To initialize your CA, modify these environment variables\n      - STEPPATH=/home/step\n      - DOCKER_STEPCA_INIT_NAME=OpenCHAMI\n      - DOCKER_STEPCA_INIT_DNS_NAMES=localhost,step-ca\n      - DOCKER_STEPCA_INIT_ACME=true\n    healthcheck:\n      test: [\"CMD\", \"step\", \"ca\", \"health\", \"--ca-url\", \"https://step-ca:9000\", \"--root\", \"/root_ca/root_ca.crt\"]\n      interval: 10s\n      timeout: 10s\n      retries: 5\n  certbot-issue-cert:\n    container_name: certbot\n    hostname: certbot\n    image: certbot/certbot:v2.10.0\n    depends_on:\n      step-ca:\n        condition: service_healthy\n    environment:\n      - REQUESTS_CA_BUNDLE=/root_ca/root_ca.crt # This is the root CA certificate that we use to verify the local CA.\n    command: [ \"certonly\", \"--webroot\", \"--server\", \"https://step-ca:9000/acme/acme/directory\", \"--webroot-path\", \"/var/www/html\", \"--agree-tos\", \"--email\", \"docker-compose@example.com\", \"-d\", \"openchami.bikeshack.dev\", \"-n\" ]\n    networks:\n      - openchami-certs\n    volumes:\n      - local-certs:/etc/letsencrypt\n      - certbot-challenges:/var/www/html/\n      - step-root-ca:/root_ca:ro\n```\n\nBuild Status: [![build and publish containers](https://github.com/OpenCHAMI/local-ca/actions/workflows/build_containers.yml/badge.svg)](https://github.com/OpenCHAMI/local-ca/actions/workflows/build_containers.yml)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenchami%2Flocal-ca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenchami%2Flocal-ca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenchami%2Flocal-ca/lists"}