This is an automated archive made by the Lemmit Bot.
The original was posted on /r/homelab by /u/jafo on 2025-05-31 13:30:21+00:00.
I had a shower idea a couple weeks ago about a lighter-weight certificate signing service for homelabs and dev environments where full LetsEncrypt certificates might be too much of a hassle. Our dev and staging environments at work use self-signed CA for 100+ VMs, most of which respin on a nightly basis. We normally would use some tooling to sign, encrypt, and deliver via Ansible certs to our hosts, but we spend more time than I'd like managing those.
LessEncrypt is a simple client and server that uses reverse DNS lookups to identify the certificate CN and SANs, and then deliver back to the host a signed cert. It uses ports in the <1024 range to lend some air of authority to the request.
https://github.com/linsomniac/lessencrypt