So... it's here, right? After I waited almost 7 years... And it hopefully wouldn't turn into another "after 9 months pay us 10$/month" scam like ZeroSSL...
And... I will finally have federation in my Matrix server I guess :blobcatjoy:
It was funny to try to set it up. I don't understand how these automation scripts work - all I knew was how to do things manually with simple bash scripts and openssl config files.
Last night it finally worked with acme.sh, so maybe it would just keep working itself from now...
These releases bring short-lived certificates, IP Address (IPv4 and IPv6) support, and ACME Renewal Information (ARI) support to Auto Encrypt and @small-tech/https, implement a consistent asynchronous API across all three packages, and include loads of little fixes and code quality improvements.
This brings us very close to getting Web Numbers¹ support implemented natively in Kitten².
OCSP support is removed from Auto Encrypt and Windows support is dropped from all three packages as Microsoft is complicit in Israel’s genocide of the Palestinian people³ and Small Technology Foundation⁴ stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement. Furthermore, Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.
🥳 @small-tech/auto-encrypt-localhost version 9.0.1 released
Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers (including Polka, Express.js, etc.). Unlike mkcert, 100% written in JavaScript with no external/binary dependencies. As used in Kitten¹.
• Windows is no longer supported as Microsoft is complicit in Israel’s genocide of the Palestinian people¹ and Small Technology Foundation² stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement³. Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.
Auto Encrypt Localhost is similar to the Go utility mkcert but with the following important differences:
• It’s written in pure JavaScript for Node.js.
• It does not require certutil to be installed.
• It uses a different technique to install its certificate authority in the system trust store of macOS.
• It uses enterprise policies on all platforms to get Firefox to include its certificate authority from the system trust store.
• In addition to its Command-Line Interface, it can be used programmatically to automatically handle local development certificate provisioning while creating your server.
Auto-Encrypt Localhost is licensed under AGPL version 3.0.
Reaching out to anyone who configured their DNS transport protocol. If you intentionally configured your home router's or your devices' DNS service, what did you pick, and why?
While I do maintain that "it's coming from the LAN" is not a good #security boundary, there are services where it is practical (e.g. media center volume control), but also fault-prone (oops, my phone just switched to LTE for power saving – a generally justified thing).
Before I start formalizing how "a device can retain permissions it gets from being local for a few days" could work with EST/#TLS/#EDHOC: Does this model have a name, and/or have you ever seen it discussed or deployed anywhere?
@JessTheUnstill That's an approach I'll consider, though I'd have hoped to do with less setup than that. (Like, I don't suppose I can broadcast that WireGuard "QR code" inside the WiFi?)