Aral BalkanJan 21

šŸ„³ Minor releases

ā€¢ Auto Encrypt 5.1.0: Moves automatic IP address detection from top-level await to asynchronous createServer() method to enable servers that import to run offline when theyā€™re running on localhost) and exports IPAddresses class so servers can carry out their own automatic IP address detection (IPv4 and IPv6) if they want full control over exactly which domains and IP addresses are included in provisioned TLS certificates.Ā¹

ā€¢ @small-tech/https: Re-exports IPAddresses class so servers (like KittenĀ²) can have full control over exactly which domains and IP addresses are included in provisioned TLS certificates.Ā³

Ā¹ https://codeberg.org/small-tech/auto-encrypt/src/branch/main/CHANGELOG.md#5-1-0-2026-01-21
Ā² https://kitten.small-web.org
Ā³ https://codeberg.org/small-tech/https/src/branch/main/CHANGELOG.md#6-1-0-2026-01-21

#SmallWeb #SmallTech #AutoEncrypt #https #releaseUpdates

auto-encrypt/CHANGELOG.md at main

auto-encrypt - Automatically-provisioned TLS certificates for Node.js servers using Letā€™s Encrypt.

Codeberg.org
Aral BalkanJan 20

šŸ„³ Multiple major releases today

ā€¢ @small-tech/auto-encrypt v5.0.0 (https://codeberg.org/small-tech/auto-encrypt#readme)
ā€¢ @small-tech/auto-encrypt-localhost v10.0.0 (https://codeberg.org/small-tech/auto-encrypt-localhost/#readme)
ā€¢ @small-tech/https v6.0.0 (https://codeberg.org/small-tech/https/#readme)

These releases bring short-lived certificates, IP Address (IPv4 and IPv6) support, and ACME Renewal Information (ARI) support to Auto Encrypt and @small-tech/https, implement a consistent asynchronous API across all three packages, and include loads of little fixes and code quality improvements.

This brings us very close to getting Web NumbersĀ¹ support implemented natively in KittenĀ².

OCSP support is removed from Auto Encrypt and Windows support is dropped from all three packages as Microsoft is complicit in Israelā€™s genocide of the Palestinian peopleĀ³ and Small Technology Foundationā“ stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement. Furthermore, Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.

Enjoy!

šŸ’•

šŸ‡µšŸ‡ø To support families facing genocide in Gaza, consider donating to them via Gaza Verified: https://gaza-verified.org/donate/

Ā¹ https://ar.al/2025/06/25/web-numbers/
Ā² https://kitten.small-web.org/
Ā³ https://www.bdsmovement.net/microsoft
ā“ https://small-tech.org/

#SmallWeb #SmallTech #AutoEncrypt #AutoEncryptLocalhost #https #TLS #NodeJS #web #dev #ACME #LetsEncrypt #WebNumbers #Kitten #BDS #Palestine #Gaza #FreePalestine

auto-encrypt

Automatically-provisioned TLS certificates for Node.js servers using Letā€™s Encrypt.

Codeberg.org
Aral BalkanJan 17

Yay, first shot of Auto EncryptĀ¹ running a HTTPS web server at a Web Number (IP address).

https://ar.al/2025/06/25/web-numbers/

Next step: find out why some of the tests are failing on the Linux box, fix, and implement Web Numbers support in KittenĀ² and CatalystĀ³.

Ā¹ https://codeberg.org/small-tech/auto-encrypt#readme
Ā² https://kitten.small-web.org
Ā³ https://catalyst.small-web.org/

#WebNumbers #SmallWeb #AutoEncrypt #Kitten #Catalyst #peerToPeer #web #dev

Aral BalkanDec 21

Just added Web Reachability API (at least thatā€™s what Iā€™m calling it) support to https://ip.small-web.org.

Itā€™s for testing the reachability of your Small Web servers (using a domain or, more importantly, an IPv4/IPv6 address). Iā€™m using it to implement Web NumbersĀ¹ support in Auto EncryptĀ² and KittenĀ³.

Protocol:

ā€¢ At http://<endpoint> return an empty HTTP 200 response that includes the following custom header: 'web-reachability-id': ā€˜<uuid>'
ā€¢ Hit: https://ip.small-web.org/reach/<endpoint>/<uuid>/
ā€¢ If you get a 200 response back, your endpoint is reachable. Anything else signals an error.

Enjoy! šŸ’•

Ā¹ https://ar.al/2025/06/25/web-numbers/
Ā² https://codeberg.org/small-tech/auto-encrypt
Ā³ https://kitten.small-web.org

#WebReachabilityAPI #WebNumbers #IpAddresses #reachability #Kitten #AutoEncrypt #SmallWeb #peerToPeerWeb #SmallTech

Your IP address

Aral BalkanMay 28, 2025

Just requested that Auto EncryptĀ¹ is added to the list of @letsencrypt clients for Node.js and that KittenĀ² is added to the list of projects that integrate Letā€™s Encrypt support:

ā€¢ https://github.com/letsencrypt/website/pull/1921
ā€¢ https://github.com/letsencrypt/website/pull/1922

I originally requested that Auto Encrypt and Site.js (the precursor to Kitten, now sunset) be added to the list in 2021. It was not approved (no reason given), so hopefully this time will be different.

https://github.com/letsencrypt/website/pull/1203

Ā¹ https://codeberg.org/small-tech/auto-encrypt
Ā² https://kitten.small-web.org

#SmallWeb #SmallTech #AutoEncrypt #Kitten #LetsEncrypt #NodeJS #ACME

Add Auto Encrypt to clients.json by aral Ā· Pull Request #1921 Ā· letsencrypt/website

Automatically provisions and renews Letā€™s Encrypt TLS certificates on Node.js https servers (including Kitten, Polka, Express.js, etc.) Implements the subset of RFC 8555 ā€“ Automatic Certificate Man...

GitHub
Aral BalkanMay 27, 2025

šŸ”’ Auto Encrypt ā€“ heads up!

In the next minor version release of Auto EncryptĀ¹, weā€™ll be moving from a hard-coded date-based certificate renewal check to using ACME Renewal Information (ARI)Ā².

The changeĀ³ should be seamless.

If you have any concerns, now is the time to raise them :)

#AutoEncrypt #TLS #LetsEncrypt #SmallTech #SmallWeb

Ā¹ Drop-in Node.js https server replacement that automatically provisions and renews Letā€™s Encrypt certificates for you. (https://codeberg.org/small-tech/auto-encrypt#auto-encrypt)
Ā² https://datatracker.ietf.org/doc/draft-ietf-acme-ari/
Ā³ https://codeberg.org/small-tech/auto-encrypt/src/branch/main/CHANGELOG.md#4-4-0-2025

auto-encrypt

Automatically-provisioned TLS certificates for Node.js servers using Letā€™s Encrypt.

Codeberg.org
Aral BalkanMay 26, 2025

šŸ‘‹šŸ¤“ Goodbye Site.js, Hello Kitten!

I started working on creating a Small WebĀ¹ server (a peer-to-peer Web server) six years agoĀ² with Site.js.

Building Site.js was my first attempt. And it resulted in:

ā€¢ Auto Encrypt (automatic Letā€™s Encrypt certificates): https://codeberg.org/small-tech/auto-encrypt

ā€¢ Auto Encrypt Localhost (automatic localhost TLS certificates): https://codeberg.org/small-tech/auto-encrypt-localhost

ā€¢ @small-tech/https (drop-in Node.js https module replacement with automatic TLS certs everywhere): https://codeberg.org/small-tech/https

ā€¢ JSDB: In-process, in-memory JavaScript database that persists to append-only JavaScript logs: https://codeberg.org/small-tech/jsdb

As Site.js reached an evolutionary dead-end, and as I learned from my experiements with replicated data types that replicated data types are *not* a prerequisite for a decentralised web (actual topological decentralisation and ease of use are), I started writing a new server/platform called Kitten from scratch while still making use of the tried and tested modules listed above.

Last week, I switched over our last site using Site.js to Kitten and, with that, today Iā€™ve sunsetĀ³ Site.js:

https://sitejs.org

For its successor, please see Kitten:

https://kitten.small-web.org

If you want to support our work at the Small Technology Foundation, please consider becoming a patron:

https://small-tech.org/fund-us

šŸ’•

Ā¹ https://ar.al/2024/06/24/small-web-computer-science-colloquium-at-university-of-groningen/
Ā² https://ar.al/2019/08/26/introducing-small-technology-foundation/
Ā³ Using our instance of Look Over There!: https://look-over-there.small-web.org

#SiteJS #SmallWeb #SmallTech #peerToPeerWeb #SmallTechnologyFoundation #AutoEncrypt #AutoEncryptLocalhost #JSDB #JavaScriptDatabase #https #TLS

Aral BalkanFeb 8, 2025

New releases

ā€¢ Kitten (rolling release)
ā€¢ @small-tech/https version 5.3.2
ā€¢ Auto Encrypt version 4.1.3

OCSP support has been reinstated in the server so existing sites with Letā€™s Encrypt certificates provisioned prior to the removal of the OCSP stapling requirement will not fail to load in Firefox.

Kitten servers in production will automatically update to this version in a few hours. You can also sign in to the Kitten settings page on your server and do a manual update to update Kitten immediately.

Thanks to @stefan and @s1r83r for bringing this to my attention. (https://mastodon.ar.al/@aral/113969540950647873)

#Kitten #SmallWeb #SmallTech #AutoEncrypt #TLS #SSL #HTTPS #OCSP #LetsEncrypt #web #dev #NodeJS #JavaScript

Aral Balkan (@[email protected])

@[email protected] @[email protected] Thanks for the heads up, folks. So, hereā€™s whatā€™s happened: 1. Letā€™s Encrypt removed OCSP support and starting rejecting certificate requests that require OCSP stapling (a privacy feature that Kitten inherited from my Auto Encrypt module) for new server requests and will reject certificate renewal requests starting in May. 2. So I went ahead and removed the OCSP stapling requirement from the certificate requests Auto Encrypt makes to Letā€™s Encrypt. 3. I also removed OCSP support from the server. Makes sense, right? Sure does, until you consider what happens to servers with already-provisioned Letā€™s Encrypt certificates that have certificates that require OCSP stapling. (kitten.small-web.orgā€™s certificate got renewed four days ago, before Iā€™d released the updates.) *Doh!* šŸ¤¦ā€ā™‚ļø Seems Safari and Chrom(ium) are fine with letting it pass. However, Firefox, (and correctly too, I might add), refuses to load the site. So Iā€™m off to update Auto Encrypt to re-enable OCSP support with a note to disable it in May (by which time all certificates will have renewed anyway without the stapling requirement) and then issue new builds of @small-web/https and Kitten. Kitten servers should automatically upgrade and start working in Firefox in several hours. And you can also manually update them if you want to before then after Iā€™ve announced the releases. Thanks again for letting me know. :kitten:šŸ’• #Kitten #SmallWeb #AutoEncrypt #LetsEncrypt #TLS #SSL #HTTPS #OCSP

Aralā€™s fediverse server
Aral BalkanFeb 7, 2025

New Kitten release

ā€¢ Upgrades to version 5.3.1 of @small-tech/httpsĀ¹ which has version 4.1.2 of Auto EncryptĀ² that l removes OCSP stapling (because Letā€™s Encrypt has removed OCSP support).

Please upgrade your Kitten as soon as possible or any new Kitten servers you try to set up will fail and any certificate renewals for existing servers will start to fail in May.

https://kitten.small-web.org

(To upgrade, run `kitten update`. Your production servers will update automatically.)

Enjoy!

šŸ’•

Ā¹ https://www.npmjs.com/package/@small-tech/https
Ā² https://www.npmjs.com/package/@small-tech/auto-encrypt

#Kitten #SmallWeb #SmallTech #web #dev #TLS #HTTPS #AutoEncrypt #NodeJS #JavaScript #OCSP #LetsEncrypt

Show threadAral BalkanFeb 7, 2025

@small-tech/https version 5.3.0 released

ā€¢ Uses Auto Encrypt 4.1.1 (removes OCSP stapling support because Let]s Encrypt has removed OCSP support).

https://www.npmjs.com/package/@small-tech/https

This module is a drop in replacement for Node HTTPS module that automatically handles TLS certificate provisioning and renewal both at localhost (via Auto Encrypt LocalhostĀ¹) and at hostname (via Auto Encrypt with Letā€™s Encrypt certificatesĀ²).

So, this is how you create a HTTPS server in Node.js that uses this module and automatically handles TLS certificate provisioning and renewal for you both at localhost (during development) and at hostname (during production):

```js
import https from '@small-tech/https'

const server = https.createServer((request, response) => {
response.end('Hello, world!')
})

server.listen(443, () => {
console.log(' šŸŽ‰ Server running at https://localhost.')
})
```

(Yes, thatā€™s it! I wrote a metric shit-tonne of meticulously-tested code so you donā€™t have to.) :)

šŸ’” Note that the localhost certificate support via Auto Encrypt Localhost is 100% JavaScript and does NOT rely on an external binary like mkcert or certutil.

Needless to say, KittenĀ³ uses this module under the hood and itā€™s a big part of why Domainā“ can deploy servers so easily that donā€™t require any day-to-day maintenance.

In case youā€™re wondering why Iā€™m spending so much time releasing all these modules, itā€™s because I believe in sharing every brick of the house Iā€™m building so others can easily build different houses if they want to. Iā€™m not saying that what Iā€™m building with Kitten, Domain, and Placeāµ will be the end all be all of the Small Webā¶ (the peer-to-peer web). And I want others to be able to experiment by building their own tools without having to go through the grueling development process Iā€™ve had to in the past six years to build basic infrastructure.

Enjoy!

šŸ’•

Ā¹ https://codeberg.org/small-tech/auto-encrypt-localhost
Ā² https://codeberg.org/small-tech/auto-encrypt
Ā³ https://kitten.small-web.org
ā“ https://codeberg.org/domain/app
āµ https://codeberg.org/place/app
ā¶ https://ar.al/2024/06/24/small-web-computer-science-colloquium-at-university-of-groningen/

#SmallWeb #SmallTech #AutoEncrypt #LetsEncrypt #localhost #TLS #SSL #HTTPS #Kitten #NodeJS #JavaScript #servers #web #dev #FOSS

@small-tech/https

A drop-in standard Node.js HTTPS module replacement with both automatic development-time (localhost) certificates via Auto Encrypt Localhost and automatic production certificates via Auto Encrypt.. Latest version: 5.3.0, last published: 3 minutes ago. Start using @small-tech/https in your project by running `npm i @small-tech/https`. There are 2 other projects in the npm registry using @small-tech/https.

npm