I developed "LessEncrypt" for my dev environment, an ultra-lightweight, hassle-free alternative to LetsEncrypt for use with self-signed CAs like in a dev or homelab environment. At work we have self-signed keys for our dev/stg environment, and manage it with Ansible and some scripts, but spend a surprising amount of time dealing with it. This is an experiment to get us out of that business.
- Client generates RSA keypair and connects to server from <1024 TCP port, sends pubkey.
- Server uses reverse DNS to come up with cert name (rules can specify alternate CN and SANs, override TTL, etc).
- Server generates a signed cert and connects back to client on <1024 TCP port and sends cert.
Not too hard. I came up with the idea in the shower one morning after a week of doing a lot of cert maintenance. I spent around 20 minutes writing a design document and did a couple of back-and-forths with Claude Code and testing, then some refinement and improvements. Had some discussions with friends and associates looking for security issues I had missed.
Maybe 2 hours into it so far; Claude Code did all the coding so far.
https://github.com/linsomniac/lessencrypt
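The server side of the three-step exchange described in the post, as an added example that is not code from the lessencrypt project (and is written in Go, whatever the project itself uses): it refuses peers that did not connect from a port below 1024, parses the submitted RSA public key, derives the certificate name from reverse DNS plus a rule table, signs with an in-memory CA, and includes the check a client should run on the certificate it gets back. The `Rule` fields, the `Resolver` signature, the 2048-bit minimum, and the constructed `10.0.0.7` / `web01.dev.example.` reverse-DNS entry are all assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// Rule is this example's guess at the per-name rules the post mentions: the CN,
// SANs and lifetime to use for a given reverse-DNS name (field names assumed).
type Rule struct {
	CN   string
	SANs []string
	TTL  time.Duration
}

// Server is the signing side: an in-memory CA plus the rule table.
type Server struct {
	caCert *x509.Certificate
	caKey  *rsa.PrivateKey
	rules  map[string]Rule
}

// Resolver stands in for net.LookupAddr so the example runs offline.
type Resolver func(ip string) ([]string, error)

// NewServer creates a throwaway self-signed CA; a real deployment loads its own.
func NewServer(rules map[string]Rule) *Server {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // does not fail for a sane size
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "LessEncrypt example CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced one line above; cannot fail
	return &Server{caCert: cert, caKey: key, rules: rules}
}

// Issue applies the design's checks, then signs: the peer must have connected from a
// privileged (<1024) port, the key must be RSA of at least 2048 bits, and the name
// comes only from reverse DNS plus the rule table, never from anything the client sent.
func (s *Server) Issue(clientPubPEM []byte, peer *net.TCPAddr, lookup Resolver) ([]byte, error) {
	if peer.Port >= 1024 {
		return nil, fmt.Errorf("peer port %d is not privileged", peer.Port)
	}
	block, _ := pem.Decode(clientPubPEM)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("expected a PEM PUBLIC KEY block")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok || rsaPub.N.BitLen() < 2048 {
		return nil, errors.New("client key must be RSA with at least 2048 bits")
	}
	names, err := lookup(peer.IP.String())
	if err != nil || len(names) == 0 {
		return nil, fmt.Errorf("no reverse DNS for %s: %v", peer.IP, err)
	}
	host := strings.TrimSuffix(names[0], ".")
	r, found := s.rules[host]
	if !found { // default: CN and single SAN from reverse DNS, 24h lifetime
		r = Rule{CN: host, SANs: []string{host}, TTL: 24 * time.Hour}
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), // keep it strictly positive
		Subject:      pkix.Name{CommonName: r.CN},
		DNSNames:     r.SANs,
		NotBefore:    time.Now().Add(-5 * time.Minute),
		NotAfter:     time.Now().Add(r.TTL),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, s.caCert, rsaPub, s.caKey)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// Verify is the client-side check on what comes back: chains to the CA, matches host.
func (s *Server) Verify(certPEM []byte, host string) error {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return errors.New("no certificate PEM")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(s.caCert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// DemoClientKeyPEM is what the client sends: a fresh RSA public key as PKIX PEM.
func DemoClientKeyPEM() []byte {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
}

// DemoLookup is a constructed reverse-DNS table standing in for net.LookupAddr.
func DemoLookup(ip string) ([]string, error) {
	if ip == "10.0.0.7" {
		return []string{"web01.dev.example."}, nil
	}
	return nil, errors.New("NXDOMAIN")
}

func main() {
	srv := NewServer(map[string]Rule{"web01.dev.example": {
		CN: "web01.dev.example", SANs: []string{"web01.dev.example", "www.dev.example"}, TTL: 48 * time.Hour}})
	cert, err := srv.Issue(DemoClientKeyPEM(), &net.TCPAddr{IP: net.ParseIP("10.0.0.7"), Port: 1010}, DemoLookup)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(cert), "verify:", srv.Verify(cert, "www.dev.example"))
}
```

Both checks in `Issue` lean entirely on the network: a source port below 1024 only proves root on the peer if the path between client and server cannot be spoofed, and the issued name is only as trustworthy as whoever controls the reverse zone for the peer's address. The `Verify` call is the part a client should never skip, since the cert arrives over a separate inbound connection.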