Julien Riou6h ago
I have been managing my own CA for NRPE and OpenVPN by hand but I always forget how to (re)generate the certificates. I'll give step-ca a try this weekend and follow the @jwildeboer blog post https://jan.wildeboer.net/2025/07/letsencrypt-homelab-stepca/
#homelab #selhosting #stepca
Be the LetsEncrypt in your homelab with step-ca

So you have a Cute Homelab and you want to use it to secure your services and containers with x509 certificates? But your homelab isn’t on the internet, so you can’t simply use LetsEncrypt? Well. You can become your own LetsEncrypt and hand out certificates with certbot. You “just” need to run your own CA (Certificate Authority). Sounds frightening and complicated? It kinda is, but not really when you use step-ca, an open source solution that you can run in a container.

Jan Wildeboer's Blog
Daniel S. Reichenbach3d ago

My new homelab has progressed. I now have SmallStep CA running, with ACME enabled, and InfluxDB 3 with Grafana.

Its not much but it is a start.

#homelab #stepca #grafana

Show threadder Marko 🚲🏃‍♂️Feb 16
Eigentlich sollte #stepca mit in die Docker Umgebung, aber das fand ich in der notwendigen Initialisierung eher frickelig und es ist mir auch nicht fehlerfrei gelungen. Also läuft das jetzt einfach in einem separaten #lxc nur für diesen Zweck.
der Marko 🚲🏃‍♂️Feb 16

Es war am Ende eine härtere Nuss, als gedacht, aber mein Heimnetz hat jetzt eine eigene CA auf Basis von #stepca , #caddy läuft als Reverse Proxy und wickelt das Zertifikatshandling automatisiert für die im #homelab laufenden Dienste ab.
Eine Grundlage, die ich schon länger habe wollte, aber mir nie die Zeit genommen habe, tiefer einzusteigen und das einmal ordentlich aufzusetzen.

Next up: Backups machen und dokumentieren, was ich getan hab.

Show threadSam Lehman Jan 17

@Larvitz How is Step CA? Are you coming from another CA solution?

Been thinking about running #stepca in my #kubernetes cluster, but have been apprehensive because of how many features seem to be gated behind smallstep's proprietary version. Would love to have this integrated with #certmanager and using the #tpm on my nodes. Was going to do a rearchitecting of my entire #auth and #cryptography stack when I switch from the deprecated #Ingress API to the #GatewayAPI

Larvitz  Jan 17

What a project. Did configure StepCA in my home-lab with a real physical HSM for the CA's private key. Using a SmartcardHSM (https://www.smartcard-hsm.com) from CardContact Systems.

Now I have acme (automated cert provisioning) working internally as long as the HSM is plugged into my server.

All running in an isolated FreeBSD 15-RELEASE jail (StepCA compiled from source with added PCSC-Lite support and usb device passed through by devfs rules).

Yay! It works!

#freebsd #stepca #devops #acme #certificates #tls #smartcard #hsm

Jan Wildeboer 😷Jan 12

When all parts come together ;) I now have S3 compatible storage with #garage in my homelab, using #nginx as reverse proxy and secured with a certificate from my own #StepCA based CA (Certificate Authority) that gets auto-renewed by #certbot. And this all works without any internet connection, as I also have a DNS server for my home network with the correct CNAME entry for s3.

#SelfHost #SysAdminLife @homelab

AndréJan 6

🤔 Laut Übersicht unterstützen sowohl #Nitrokey3 also auch #NitrokeyHSM2 #PKCS11. Auf denm verlinkten Datenblättern stehen auch vergleichbare Zeiten für Signaturen

Brauche ich nun für eine #homelab #stepca (smallstep-ca) den HSM key oder reicht der normale Key?

Mauricio Teixeira🐧Dec 12

(due to a snafu, this is a re-post)

New blog post! After reading @mmeier's blog post about monitoring his Kubernetes cluster certificates, I decided to take a look at how this is done with Talos, and learned a lot from it. You can read my solution in my blog post, as well as Michael's (which I link in my post, and also below in this thread.

#HomeLab #TalosLinux #StepCA #Certificates #Kubernetes #Blog @homelab
https://mteixeira.wordpress.com/2025/12/07/monitoring-the-kubernetes-certificates-on-a-talos-cluster/

Monitoring the Kubernetes certificates on a Talos cluster

I’ve been following Michael Meier’s saga on Mastodon, where he’s trying to figure out how to properly monitor his Kubernetes certificates. In the end he came up with some clever i…

I do what I can
Show threadJan Wildeboer 😷Oct 30

I am also a bit proud that I managed to replicate my own little letsencrypt for my homelab using #stepca [1]. My homelab machines also get and renew their certificates with certbot from my own CA (Certificate Authority) automagically. I just checked and yes, they renewed a few days ago without any problem. Yay!

[1] https://jan.wildeboer.net/2025/07/letsencrypt-homelab-stepca/