CertMate – SSL Certificate Management System

https://github.com/fabriziosalmi/certmate

21•indigodaddy•6h ago

Comments

ozim•4h ago

I like how docker and kubernetes were supposed to solve dependency problems.

But then I read:

Prerequisites Docker 20.10+ Docker Compose 2.0+.

So now if I have app that can run on v19 I need docker for dockers :) to use CertMate because if I upgrade my other apps might be messed up.

meepmorp•4h ago

Yeah, nobody should ever employ features that only work on newer versions of software because then someone somewhere might not be able to make use of them.

But less snarkily, maybe put in the work to hack up their dockerfiles if you want to do something they don't directly support.

schwingy•4h ago

Sounds cool, but what if you don't use one of the listed DNS providers, but rather run your own DNS? I didn't see an option that would let you do that.

CaliforniaKarl•4h ago

RFC2136 would let you do that, though setting it up is “an exercise left up to the reader”. My suggestion would be to get RFC2136 working with certbot first.

haddonist•3h ago

This may be good for the selfhoster who is running more an a couple of sites.

But a GUI to manage enterprise-level SSL fleets? Doubtful.

Not when a change/configuration management system (Puppet, Chef, Ansible etc etc..) driven by git commits enables single-source-of-truth, peer-review, and automatic creation/monitoring/renewal of certificates.

woleium•1h ago

SSL officially became TLS in 1999 when the Internet Engineering Task Force published TLS 1.0 as RFC 2246. TLS 1.0 was designed as an upgrade to SSL 3.0, addressing security vulnerabilities and making several improvements, but the changes were significant enough to prevent interoperability between SSL 3.0 and TLS 1.0

It seems a bit silly to call a new tool an SSL manager?

browningstreet•1h ago

You can’t fight mindshare. Naming is branding, not a ruleset.

Maybe think of it as “SSL certs” the thing uses TLS x.0 standard.

Too many people will say “what?” if you call it TLS cert management. Or worse, they will ignore it because it doesn’t trip the synapses.

nodesocket•49m ago

So this just writes the certificates to disk and you still have to manage binding certificates to services? I’m using Caddy in-front of containers using Cloudflare DNS and it works amazingly. Zero configuration.

Xfinity using WiFi signals in your house to detect motion

The new skill in AI is not prompting, it's context engineering

I write type-safe generic data structures in C

Rust CLIs with Clap

There are no new ideas in AI only new datasets

People Keep Inventing Prolly Trees

The hidden JTAG in a Qualcomm/Snapdragon device’s USB port

YouTube No Translation

Melbourne man discovers extensive model train network underneath house

Donkey Kong Country 2 and Open Bus

End of an Era

The Original LZEXE (A.K.A. Kosinski) Compressor Source Code Has Been Released

GPEmu: A GPU emulator for rapid, low-cost deep learning prototyping [pdf]

Jim Boddie codeveloped the first successful DSP at Bell Labs

Show HN: TokenDagger – A tokenizer faster than OpenAI's Tiktoken

Entropy of a Mixture

They don't make 'em like that any more: Sony DTC-700 audio DAT player/recorder

Show HN: New Ensō – first public beta

Ask HN: What Are You Working On? (June 2025)

Price of rice in Japan falls below ¥4k per 5kg

Harvest Move – A game that requires careful movement

Creating fair dice from random objects

Claude Code now supports Hooks

14.ai (YC W24) hiring founding engineers in SF to build a Zendesk alternative

The Plot of the Phantom, a text adventure that took 40 years to finish

A CarFax for Used PCs; Hewlett Packard wants to give old laptops new life

Public Signal Backups Testing

Show HN: Local LLM Notepad – run a GPT-style model from a USB stick

Ask HN: What's the 2025 stack for a self-hosted photo library with local AI?

Show HN: We're two coffee nerds who built an AI app to track beans and recipes