@owen I don’t find it that bad with #stepca. It’s not exactly trivial, but it’s possible. If more things I run — or want to run — had a “step” client or #acme (and not just support for #LetsEncrypt), it would be much easier.

My homelab is now using NRPE with TLS thanks to the private PKI I deployed this week-end.

#homelab #selfhosting #tls #ssl #stepca

My ACME certificates generated by step-ca don't have a "subject" but they have SANs. Unfortunately, OpenVPN seems to require a subject to work.

#openvpn #stepca #tls #acme

Achievement unlocked 🔓

My homelab now has valid internal TLS certificates automatically renewed by certbot on a step-ca server.

#homelab #selfhosting #stepca #tls #certbot

Step CA configured with PostgreSQL backend and the ACME provider in my homelab. Clients trust the CA. Next steps: configure certbot and add monitoring to check certificate expiration.

#homelab #selfhosting #postgresql #certbot #tls #stepca
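The two checks that come up in the posts above, an expiry monitor for the renewed certificates and a look at whether a certificate carries a subject at all or only SANs (the OpenVPN problem mentioned earlier), can both be done with plain openssl. The script below is an added example, not code from any of the posters or from the step-ca project. It generates a throwaway self-signed certificate (constructed here so the script runs offline; a real monitoring job would point these functions at the files certbot writes) and then runs the checks on it. The hostname `demo.homelab.internal` and the `WORKDIR` variable are made up for the example.

```sh
#!/bin/sh
# Added example: certificate expiry and subject/SAN checks with openssl.
# The certificate below is constructed on the fly so the script runs offline;
# in a homelab you would run the check functions on the certbot/step-issued files.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"   # scratch directory (assumed writable)

# make_demo_cert DAYS: write a self-signed cert valid for DAYS days to
# $WORKDIR/demo.pem, with a CN and a matching DNS SAN. Stand-in for a CA-issued cert.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=demo.homelab.internal" \
        -addext "subjectAltName=DNS:demo.homelab.internal" \
        -keyout "$WORKDIR/demo.key" -out "$WORKDIR/demo.pem" 2>/dev/null
}

# cert_expires_within FILE DAYS: exit 0 if FILE expires within DAYS days.
# openssl's -checkend exits 0 when the cert is still valid at that time, so invert it.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))"
}

# cert_subject FILE: print the subject DN in RFC 2253 form (empty after "subject="
# for SAN-only ACME certificates, which is what trips up OpenVPN).
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# cert_has_subject FILE: exit 0 if the subject DN is non-empty.
cert_has_subject() {
    subj="$(cert_subject "$1" | sed 's/^subject= *//')"
    [ -n "$subj" ]
}

# cert_sans FILE: print the subjectAltName extension (needs OpenSSL 1.1.1+).
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

# Stand-alone demo: a 10-day certificate should trip a 30-day renewal warning.
make_demo_cert 10
cert_subject "$WORKDIR/demo.pem"
cert_sans "$WORKDIR/demo.pem"
if cert_expires_within "$WORKDIR/demo.pem" 30; then
    echo "WARNING: $WORKDIR/demo.pem expires within 30 days, check renewal"
else
    echo "OK: $WORKDIR/demo.pem is good for more than 30 days"
fi
```

The renewal warning threshold should be well inside the renewal window certbot uses, so that a stalled renewal is caught before the service actually goes down.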

I have been managing my own CA for NRPE and OpenVPN by hand but I always forget how to (re)generate the certificates. I'll give step-ca a try this weekend and follow the @jwildeboer blog post https://jan.wildeboer.net/2025/07/letsencrypt-homelab-stepca/
#homelab #selhosting #stepca
Be the LetsEncrypt in your homelab with step-ca

So you have a Cute Homelab and you want to use it to secure your services and containers with x509 certificates? But your homelab isn’t on the internet, so you can’t simply use LetsEncrypt? Well. You can become your own LetsEncrypt and hand out certificates with certbot. You “just” need to run your own CA (Certificate Authority). Sounds frightening and complicated? It kinda is, but not really when you use step-ca, an open source solution that you can run in a container.

Jan Wildeboer's Blog

My new homelab has progressed. I now have SmallStep CA running, with ACME enabled, and InfluxDB 3 with Grafana.

It's not much but it is a start.

#homelab #stepca #grafana

Actually #stepca was supposed to go into the Docker environment, but I found the required initialization rather fiddly there and I also didn't manage to get it working without errors. So now it simply runs in a separate #lxc dedicated to this purpose.

In the end it was a tougher nut to crack than expected, but my home network now has its own CA based on #stepca, #caddy runs as a reverse proxy and handles the certificate management automatically for the services running in the #homelab.
A foundation I have wanted for a long time, but I never took the time to dig in deeper and set it up properly.

Next up: make backups and document what I did.

@Larvitz How is Step CA? Are you coming from another CA solution?

Been thinking about running #stepca in my #kubernetes cluster, but have been apprehensive because of how many features seem to be gated behind smallstep's proprietary version. Would love to have this integrated with #certmanager and using the #tpm on my nodes. Was going to do a rearchitecting of my entire #auth and #cryptography stack when I switch from the deprecated #Ingress API to the #GatewayAPI