Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/evenh/intercert
Use Let's Encrypt on private (LAN) servers using DNS validation
https://github.com/evenh/intercert
acme dns internal-network letsencrypt
Last synced: about 1 month ago
JSON representation
Use Let's Encrypt on private (LAN) servers using DNS validation
- Host: GitHub
- URL: https://github.com/evenh/intercert
- Owner: evenh
- License: mit
- Created: 2018-09-28T07:25:33.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2024-02-08T02:29:06.000Z (10 months ago)
- Last Synced: 2024-08-01T15:41:26.511Z (4 months ago)
- Topics: acme, dns, internal-network, letsencrypt
- Language: Go
- Size: 358 KB
- Stars: 76
- Watchers: 3
- Forks: 6
- Open Issues: 19
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# intercert [![Build Status](https://travis-ci.org/evenh/intercert.svg?branch=master)](https://travis-ci.org/evenh/intercert) [![Go Report Card](https://goreportcard.com/badge/github.com/evenh/intercert)](https://goreportcard.com/report/github.com/evenh/intercert)
_Brings Let's Encrypt to LAN and other locked down environments._
---
**This is a work in progress (unstable). Contributions are very welcome!**## How it works
1. A server instance is running somewhere in your network infrastructure, with network access to
your DNS [provider of choice](https://github.com/go-acme/lego/tree/master/providers/dns) and the ACME directory you'll want to use (Let's Encrypt most likely).
The server is configured with the DNS names you control (e.g. `somecompany.io` and `other.co`).
2. Clients are deployed on the machines where you need the certificates for your applications.
3. Certificates magically appear on the client machine in the directory you've configured.## Deployment diagram
```
LAN
+------------------------------------------------------------------------------------+
| |
| |
| |
| Server 1 |
| +--------------------------------------------+ |
| | | |
| | my-db.somecompany.io | |
| | app1.somecompany.io intercert (client) | |
| | app2.somecompany.io | +-----------------------+ |
| +--------------------------------------------+----------| | |
| | | |
| Server N | intercert (server) | |
| +--------------------------------------------+----------| | |
| | | +-----------------------+ |
| | redis.somecompany.io | / | |
| | intranet.other.co intercert (client) | / | |
| | | / | |
| +--------------------------------------------+ / | |
| / | |
+------------------------------------------------------/------------------------|----+
+------------------ +----------------|-+
| | | |
| DNS-provider | | ACME provider |
| | | |
+-----------------+ +------------------+
```## Thanks
A huge thanks to these projects
- [certmagic](https://github.com/mholt/certmagic) - does the hard work for intercert
- [lego](https://github.com/go-acme/lego) - the underpinning library for certmagic, and provides the DNS validation capability