Aral BalkanDec 21

Just added Web Reachability API (at least that’s what I’m calling it) support to https://ip.small-web.org.

It’s for testing the reachability of your Small Web servers (using a domain or, more importantly, an IPv4/IPv6 address). I’m using it to implement Web Numbers¹ support in Auto Encrypt² and Kitten³.

Protocol:

• At http://<endpoint> return an empty HTTP 200 response that includes the following custom header: 'web-reachability-id': ‘<uuid>'
• Hit: https://ip.small-web.org/reach/<endpoint>/<uuid>/
• If you get a 200 response back, your endpoint is reachable. Anything else signals an error.

Enjoy! 💕

¹ https://ar.al/2025/06/25/web-numbers/
² https://codeberg.org/small-tech/auto-encrypt
³ https://kitten.small-web.org

#WebReachabilityAPI #WebNumbers #IpAddresses #reachability #Kitten #AutoEncrypt #SmallWeb #peerToPeerWeb #SmallTech

Your IP address

Aral BalkanMay 28

Just requested that Auto Encrypt¹ is added to the list of @letsencrypt clients for Node.js and that Kitten² is added to the list of projects that integrate Let’s Encrypt support:

https://github.com/letsencrypt/website/pull/1921
https://github.com/letsencrypt/website/pull/1922

I originally requested that Auto Encrypt and Site.js (the precursor to Kitten, now sunset) be added to the list in 2021. It was not approved (no reason given), so hopefully this time will be different.

https://github.com/letsencrypt/website/pull/1203

¹ https://codeberg.org/small-tech/auto-encrypt
² https://kitten.small-web.org

#SmallWeb #SmallTech #AutoEncrypt #Kitten #LetsEncrypt #NodeJS #ACME

Add Auto Encrypt to clients.json by aral · Pull Request #1921 · letsencrypt/website

Automatically provisions and renews Let’s Encrypt TLS certificates on Node.js https servers (including Kitten, Polka, Express.js, etc.) Implements the subset of RFC 8555 – Automatic Certificate Man...

GitHub
Aral BalkanMay 27

🔒 Auto Encrypt – heads up!

In the next minor version release of Auto Encrypt¹, we’ll be moving from a hard-coded date-based certificate renewal check to using ACME Renewal Information (ARI)².

The change³ should be seamless.

If you have any concerns, now is the time to raise them :)

#AutoEncrypt #TLS #LetsEncrypt #SmallTech #SmallWeb

¹ Drop-in Node.js https server replacement that automatically provisions and renews Let’s Encrypt certificates for you. (https://codeberg.org/small-tech/auto-encrypt#auto-encrypt)
² https://datatracker.ietf.org/doc/draft-ietf-acme-ari/
³ https://codeberg.org/small-tech/auto-encrypt/src/branch/main/CHANGELOG.md#4-4-0-2025

auto-encrypt

Automatically-provisioned TLS certificates for Node.js servers using Let’s Encrypt.

Codeberg.org
Aral BalkanMay 26

👋🤓 Goodbye Site.js, Hello Kitten!

I started working on creating a Small Web¹ server (a peer-to-peer Web server) six years ago² with Site.js.

Building Site.js was my first attempt. And it resulted in:

• Auto Encrypt (automatic Let’s Encrypt certificates): https://codeberg.org/small-tech/auto-encrypt

• Auto Encrypt Localhost (automatic localhost TLS certificates): https://codeberg.org/small-tech/auto-encrypt-localhost

• @small-tech/https (drop-in Node.js https module replacement with automatic TLS certs everywhere): https://codeberg.org/small-tech/https

• JSDB: In-process, in-memory JavaScript database that persists to append-only JavaScript logs: https://codeberg.org/small-tech/jsdb

As Site.js reached an evolutionary dead-end, and as I learned from my experiements with replicated data types that replicated data types are *not* a prerequisite for a decentralised web (actual topological decentralisation and ease of use are), I started writing a new server/platform called Kitten from scratch while still making use of the tried and tested modules listed above.

Last week, I switched over our last site using Site.js to Kitten and, with that, today I’ve sunset³ Site.js:

https://sitejs.org

For its successor, please see Kitten:

https://kitten.small-web.org

If you want to support our work at the Small Technology Foundation, please consider becoming a patron:

https://small-tech.org/fund-us

💕

¹ https://ar.al/2024/06/24/small-web-computer-science-colloquium-at-university-of-groningen/
² https://ar.al/2019/08/26/introducing-small-technology-foundation/
³ Using our instance of Look Over There!: https://look-over-there.small-web.org

#SiteJS #SmallWeb #SmallTech #peerToPeerWeb #SmallTechnologyFoundation #AutoEncrypt #AutoEncryptLocalhost #JSDB #JavaScriptDatabase #https #TLS

Aral BalkanFeb 8

New releases

• Kitten (rolling release)
• @small-tech/https version 5.3.2
• Auto Encrypt version 4.1.3

OCSP support has been reinstated in the server so existing sites with Let’s Encrypt certificates provisioned prior to the removal of the OCSP stapling requirement will not fail to load in Firefox.

Kitten servers in production will automatically update to this version in a few hours. You can also sign in to the Kitten settings page on your server and do a manual update to update Kitten immediately.

Thanks to @stefan and @s1r83r for bringing this to my attention. (https://mastodon.ar.al/@aral/113969540950647873)

#Kitten #SmallWeb #SmallTech #AutoEncrypt #TLS #SSL #HTTPS #OCSP #LetsEncrypt #web #dev #NodeJS #JavaScript

Aral Balkan (@aral@mastodon.ar.al)

@s1r83r@pataterie.ca @stefan@gardenstate.social Thanks for the heads up, folks. So, here’s what’s happened: 1. Let’s Encrypt removed OCSP support and starting rejecting certificate requests that require OCSP stapling (a privacy feature that Kitten inherited from my Auto Encrypt module) for new server requests and will reject certificate renewal requests starting in May. 2. So I went ahead and removed the OCSP stapling requirement from the certificate requests Auto Encrypt makes to Let’s Encrypt. 3. I also removed OCSP support from the server. Makes sense, right? Sure does, until you consider what happens to servers with already-provisioned Let’s Encrypt certificates that have certificates that require OCSP stapling. (kitten.small-web.org’s certificate got renewed four days ago, before I’d released the updates.) *Doh!* 🤦‍♂️ Seems Safari and Chrom(ium) are fine with letting it pass. However, Firefox, (and correctly too, I might add), refuses to load the site. So I’m off to update Auto Encrypt to re-enable OCSP support with a note to disable it in May (by which time all certificates will have renewed anyway without the stapling requirement) and then issue new builds of @small-web/https and Kitten. Kitten servers should automatically upgrade and start working in Firefox in several hours. And you can also manually update them if you want to before then after I’ve announced the releases. Thanks again for letting me know. :kitten:💕 #Kitten #SmallWeb #AutoEncrypt #LetsEncrypt #TLS #SSL #HTTPS #OCSP

Aral’s fediverse server
Aral BalkanFeb 7

New Kitten release

• Upgrades to version 5.3.1 of @small-tech/https¹ which has version 4.1.2 of Auto Encrypt² that l removes OCSP stapling (because Let’s Encrypt has removed OCSP support).

Please upgrade your Kitten as soon as possible or any new Kitten servers you try to set up will fail and any certificate renewals for existing servers will start to fail in May.

https://kitten.small-web.org

(To upgrade, run `kitten update`. Your production servers will update automatically.)

Enjoy!

💕

¹ https://www.npmjs.com/package/@small-tech/https
² https://www.npmjs.com/package/@small-tech/auto-encrypt

#Kitten #SmallWeb #SmallTech #web #dev #TLS #HTTPS #AutoEncrypt #NodeJS #JavaScript #OCSP #LetsEncrypt

Show threadAral BalkanFeb 7

@small-tech/https version 5.3.0 released

• Uses Auto Encrypt 4.1.1 (removes OCSP stapling support because Let]s Encrypt has removed OCSP support).

https://www.npmjs.com/package/@small-tech/https

This module is a drop in replacement for Node HTTPS module that automatically handles TLS certificate provisioning and renewal both at localhost (via Auto Encrypt Localhost¹) and at hostname (via Auto Encrypt with Let’s Encrypt certificates²).

So, this is how you create a HTTPS server in Node.js that uses this module and automatically handles TLS certificate provisioning and renewal for you both at localhost (during development) and at hostname (during production):

```js
import https from '@small-tech/https'

const server = https.createServer((request, response) => {
response.end('Hello, world!')
})

server.listen(443, () => {
console.log(' 🎉 Server running at https://localhost.')
})
```

(Yes, that’s it! I wrote a metric shit-tonne of meticulously-tested code so you don’t have to.) :)

💡 Note that the localhost certificate support via Auto Encrypt Localhost is 100% JavaScript and does NOT rely on an external binary like mkcert or certutil.

Needless to say, Kitten³ uses this module under the hood and it’s a big part of why Domain⁴ can deploy servers so easily that don’t require any day-to-day maintenance.

In case you’re wondering why I’m spending so much time releasing all these modules, it’s because I believe in sharing every brick of the house I’m building so others can easily build different houses if they want to. I’m not saying that what I’m building with Kitten, Domain, and Place⁵ will be the end all be all of the Small Web⁶ (the peer-to-peer web). And I want others to be able to experiment by building their own tools without having to go through the grueling development process I’ve had to in the past six years to build basic infrastructure.

Enjoy!

💕

¹ https://codeberg.org/small-tech/auto-encrypt-localhost
² https://codeberg.org/small-tech/auto-encrypt
³ https://kitten.small-web.org
https://codeberg.org/domain/app
https://codeberg.org/place/app
https://ar.al/2024/06/24/small-web-computer-science-colloquium-at-university-of-groningen/

#SmallWeb #SmallTech #AutoEncrypt #LetsEncrypt #localhost #TLS #SSL #HTTPS #Kitten #NodeJS #JavaScript #servers #web #dev #FOSS

@small-tech/https

A drop-in standard Node.js HTTPS module replacement with both automatic development-time (localhost) certificates via Auto Encrypt Localhost and automatic production certificates via Auto Encrypt.. Latest version: 5.3.0, last published: 3 minutes ago. Start using @small-tech/https in your project by running `npm i @small-tech/https`. There are 2 other projects in the npm registry using @small-tech/https.

npm
Show threadAral BalkanFeb 7

Auto Encrypt version 4.1.1 released

Fixed:

• User agent string now includes the correct Auto Encrypt version (and the name fragment “auto-encrypt” instead of “acme”).

• Tests now send `Connection: close` header so they’re not tripped up by the default `keep-alive` introduced in Node 19.

https://www.npmjs.com/package/@small-tech/auto-encrypt

#SmallWeb #SmallTech #AutoEncrypt #LetsEncrypt #TLS #SSL #HTTPS #NodeJS #JavaScript #servers #web #dev #FOSS

@small-tech/auto-encrypt

Automatically provisions and renews Let’s Encrypt TLS certificates on Node.js https servers (including Kitten, Polka, Express.js, etc.). Latest version: 4.1.1, last published: 3 minutes ago. Start using @small-tech/auto-encrypt in your project by running `npm i @small-tech/auto-encrypt`. There are 3 other projects in the npm registry using @small-tech/auto-encrypt.

npm
Aral BalkanFeb 6

Auto Encrypt version 4.1.0 released

• Removes OCSP stapling, as Let’s Encrypt is removing OCSP support.

If you’re already using Auto Encrypt upgrade before May or your certificate renewals will start to fail. Upgrade now if you want to get certificates for new domains as new certificate requests are already failing.

https://codeberg.org/small-tech/auto-encrypt#readme

Auto Encrypt automatically provisions and renews Let’s Encrypt TLS certificates on Node.js https servers (including Kitten¹, Polka, Express.js, etc.)

Regular Node.js HTTPS server (without Let’s Encrypt certificates):

```js
import https from 'node:https'
const server = https.createServer(…)
```

Auto Encrypt https server with automatic Let’s Encrypt certificates:

```js
import AutoEncrypt from '@small-tech/auto-encrypt'
const server = AutoEncrypt.https.createServer(…)
```

(Certificates are provisioned on first hit and automatically renewed 30 days before expiry.)

¹ https://kitten.small-web.org

#AutoEncrypt #LetsEncrypt #TLS #SSL #HTTPS #NodeJS #JavaScript #servers #web #dev #SmallWeb #SmallTech #FOSS

auto-encrypt

Automatically-provisioned TLS certificates for Node.js servers using Let’s Encrypt.

Codeberg.org
Aral BalkanFeb 4

So I guess Let’s Encrypt has decided what I’ll be working on today then…

https://letsencrypt.org/2024/12/05/ending-ocsp/

(They’re ending OCSP stapling support. I’ll be updating Auto Encrypt¹ to remove OCSP support and then update @small-tech/https, which uses it, along with Auto Encrypt Localhost² to provide seamless TLS support regardless of whether you’re working in development or in production, and then update Site.js³ – deprecated but still used to serve some of our own sites at Small Technology Foundation⁴ – and Kitten⁵, with the latest @small-tech/https.)

¹ https://codeberg.org/small-tech/auto-encrypt
² https://codeberg.org/small-tech/auto-encrypt-localhost
³ https://codeberg.org/small-tech/https
https://small-tech.org
https://kitten.small-web.org

#SmallWeb #SmallTech #TLS #SSL #HTTPS #LetsEncrypt #OCSP #AutoEncrypt #AutoEncryptLocalhost #SiteJS #Kitten

Ending OCSP Support in 2025

Earlier this year we announced our intent to provide certificate revocation information exclusively via Certificate Revocation Lists (CRLs), ending support for providing certificate revocation information via the Online Certificate Status Protocol (OCSP). Today we are providing a timeline for ending OCSP services: January 30, 2025 OCSP Must-Staple requests will fail, unless the requesting account has previously issued a certificate containing the OCSP Must Staple extension May 7, 2025 Prior to this date we will have added CRL URLs to certificates On this date we will drop OCSP URLs from certificates On this date all requests including the OCSP Must Staple extension will fail August 6, 2025 On this date we will turn off our OCSP responders Additionally, a very small percentage of our subscribers request certificates with the OCSP Must Staple Extension.