Show HN: Anchor Relay – A faster, easier way to get Let's Encrypt certificates

15•geemus•1h ago

From the cryptic terminal commands to the innumerable ways to shoot yourself in the foot, I always struggled to use TLS certificates. I love how much easier (and cheaper) Let's Encrypt made it to get certificates, but there are still plenty of things to struggle with.

That's why we built Relay: a free, browser-based tool that streamlines the ACME workflow, especially for tricky setups like homelabs. Relay acts as a secure intermediary between your ACME client and public certificate authorities like Let's Encrypt.

Some ways Relay provides a better experience:

  - really fast, streamlined certificates in minutes, with any ACME client
  - one-time upfront DNS delegation without inbound traffic or DNS credentials sprinkled everywhere
  - clear insights into the whole ACME process and renewal reminders

Try Relay now: https://anchor.dev/relay

Or read our blog post: https://anchor.dev/blog/lets-get-your-homelab-https-certifie...

Please give it a try (it only takes a couple minutes) and let me know what you think.

Comments

xmprt•1h ago

I'm sure some people would find this useful but forgive me if I'm not ready to hand away my security to some unknown third party company. I don't know the first thing about CAs but Let's Encrypt really isn't that difficult to understand.

geemus•1h ago

We take security very seriously, which is why we designed Relay to work so that we never have to see your encryption keys. If Let's Encrypt is working well enough for you, that's great, but we've also heard about rough edges that people struggle with so we are trying to help them out.

michaelt•1h ago

I believe the intent here is:

* If you want an SSL certificate for, say, your printer

* And you don’t want to expose your printer’s port 80 to the public internet because you’re not stupid

* And you don’t want to put your DNS credentials onto your printer either, because again, you’re not stupid

* And you don’t want to pay for a certificate with a longer validity, because it’s a home printer, so you’re stitch with monthly cert rotations

* And you’ve embraced the reality that one can delegate SSL not just to CAs, but also to other third parties. Usually the likes of AWS & cloudflare - but why stop there?

Then this product is what you need!

eternauta3k•1h ago

Why not sign it yourself?

woodruffw•39m ago

Most people find the user experience of self-signed certificates much worse. The developer experience for local issuance isn't great, although mkcert does a really great job of smoothing the parts that can be smoothed[1].

[1]: https://github.com/FiloSottile/mkcert

toast0•23m ago

> * If you want an SSL certificate for, say, your printer

Ummmm why does my printer need a certificate?

mholt•17m ago

If you can't trust your network, you'll want encryption, regardless of devices on it.

NoahZuniga•1h ago

Your site doesn't work. The right arrow button is always disabled

benburkert•1h ago

sorry about that! mind sharing what domain name (or something similar that also doesn't work) & what browser you used?

mano78•57m ago

iOS safari

aeaa3•1h ago

Does this means that you have the ability to

a) impersonate the identities of your users and b) decrypt the SSL traffic of your users

benburkert•1h ago

It does not.

Anchor never see sees your private keys for certificates.

We hold an ACME account key on your behalf with the CA, but we cannot use it impersonate your domain or decrypt traffic.

We have a more technical overview of how this works in our docs: https://anchor.dev/docs/public-certs/acme-relay

masfuerte•23m ago

If users delegate their DNS to you, what's stopping you issuing a certificate to yourself for their site?

traceroute66•2m ago

Oh dear.

I'm sorry. But do you really need to re-invent the wheel yet again ?

Go to the Let's Encrypt website, there is a whole page of client implementations[1].

What makes yours better than, for example, `lego` or `caddy` or `step` ?

All of which are easy to use, come with sensible defaults and do not provide you with "innumerable ways to shoot yourself in the foot".

[1] https://letsencrypt.org/docs/client-options/

WhatsApp have just fixed the PSTN (and simultaneously killed it)

A note about eventual consistency

FTC sues LA Fitness for making it exceedingly hard to cancel gym memberships

Zed for Windows: What's Taking So Long?

How do LSM Trees work?

Why is my device a touchpad and a mouse and a keyboard?

Major autism study uncovers biologically distinct subtypes

How Americans View Journalists in the Digital Age

Our Shared Reality Will Self-Destruct in the Next 12 Months

Show HN: Bizcardz.ai – Custom metal business cards

Political Donations via ChatGPT Agent

A Climate of Unparalleled Malevolence

The theory and practice of selling the Aga cooker (1935) [pdf]

Fine-Tuned Open Sourced Models vs. System Tuned SOTA Models for Customization?

GSA launches AI sandbox, says it won't be around for long

Show HN: Nestable.dev – local whiteboard app with nestable canvases, deep links

Show HN: We beat Google DeepMind but got killed by Zhipu AI

We keep fixing symptoms, not root causes

A refresher on end-to-end API Security

Modal's custom container runtime, filesystems, and GPU solver

Ultra Ethernet's Design Principles and Architectural Innovations

Russian drone fell in eastern Poland

Proxy 4: The Next Leap in C++ Polymorphism

I gave Claude Code a folder of tax documents and used it as a tax agent

The Dangerous Legal Strategy Coming for Our Books

Privacy Washing Is a Dirty Business

Can Peanut Allergies Be Cured?

Show HN: Llmswap v3.0 – CLI and SDK for OpenAI, Claude, Gemini, Watsonx

Show HN: Turn any study material into practice questions with one photo

Show HN: I built an app to track expense temptation