惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News | PayPal Newsroom
H
Hackread – Cybersecurity News, Data Breaches, AI and More
雷峰网
雷峰网
NISL@THU
NISL@THU
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
博客园_首页
P
Privacy & Cybersecurity Law Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The Cloudflare Blog
Know Your Adversary
Know Your Adversary
小众软件
小众软件
人人都是产品经理
人人都是产品经理
WordPress大学
WordPress大学
博客园 - 聂微东
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tor Project blog
C
Cybersecurity and Infrastructure Security Agency CISA
V
V2EX
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
J
Java Code Geeks
M
MIT News - Artificial intelligence
PCI Perspectives
PCI Perspectives
T
The Blog of Author Tim Ferriss
美团技术团队
Jina AI
Jina AI
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
Cloudbric
Cloudbric
Webroot Blog
Webroot Blog
V2EX - 技术
V2EX - 技术
爱范儿
爱范儿
S
Securelist
MyScale Blog
MyScale Blog
B
Blog
AI
AI
L
LINUX DO - 热门话题
Security Archives - TechRepublic
Security Archives - TechRepublic
The Register - Security
The Register - Security
I
Intezer
有赞技术团队
有赞技术团队
Google Online Security Blog
Google Online Security Blog
云风的 BLOG
云风的 BLOG
H
Help Net Security
D
DataBreaches.Net
K
Kaspersky official blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
The Last Watchdog
The Last Watchdog
Attack and Defense Labs
Attack and Defense Labs
酷 壳 – CoolShell
酷 壳 – CoolShell

Let's Encrypt Community Support - Latest posts

Fail to renew NGINX cert Installing across 2 servers Transitioning to 45-day certs: How to handle certificates with >25 SANs (blocked by `tlsserver` limit) TSplus certificate installation error Certsage Urn:ietf:params:acme:error:malformed [Let's Encrypt Blog] A Post-Quantum Future for Let's Encrypt Guidance on Security Review for Let’s Encrypt Adoption 2026.06.03 CRLs Temporarily Missing Revoked Serials ACME 404 errors for existing end-to-end tests: “No such authorization” / “Certificate not found” Certbot fullchain missing intermediates Can't generate certificate - Unable to validate JWS Unable to renew certificate on RHEL 8 Lost where my certificate is renewed from Want get R13 (ISRG Root X1) with acme.sh or certbot script Error renewing certificates, Error finalizing order :: authorizations for these identifiers not found: Error getting certificates ACME 404 errors for existing end-to-end tests: “No such authorization” / “Certificate not found” Certificate creation failed with message [Fail to load resource from 'https://acme-v02.api.letsencrypt.org/acme/finalize/ SSL certificate expired Certbot Code 1, Installing AMP for MC on CachyOS Certonly --force-renewal Need newby help with getting cert for my nas with my zip file Creating ssl certificate synology IKEv2 (strongSwan) fails with Let's Encrypt YR2 chain (works with other servers / chain mismatch suspected) Client can't connect ikev2 server HTTP-01 and AWS challenge Trouble with dns-rfc2136 plugin Getssl hangs, Lets Encrypt not requesting token Has there been a recent change in order/authorization reuse behavior for the Classic profile? Invalid response from web address so cannot validate Having trouble getting LetsEncrypt certificate CertSage 3.3.1 Release Client authentication Renewal-hooks directory Scheduling cert renewal When will certbot renew next time? Deploy-hook error Rate limiting by certbot issues pfSense - Windows DNS Server (Not AD) - TSIG error with server: tsig verify failure Crt.sh not updating Crt.sh not updating How code the dns-persist-01 challenge Win-Acme and using their acme-dns works wiht Let’s Encrypt Account ownership Unraid management access and acces to containers via SSL New Certificate Fails with Unauthorized 403 Seeking Clarity and Consistency on Configuring HTTP-01 challenge for multiple domains Certifiate failing renewal Letsencrypt blocked in Iran Problem with http verification Cyber-attacks from the secondary verification source addresses Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: How will clients handle X2 by X1 cross certificate revocation HTTPS Certificate Renewal and Mixed Content Issues Affecting My Real-Time Morse Code Website Using Let’s Encrypt .conf Files and Nginx along with Certbot Forbidden by policy error generating the let’s encrypt certificate SSL Certificate installed for 1 of 2 domains Certbot renewal issues breaking my self-hosted video review portal Certificate apparently not working New certificate apparently not working Certbot 5.6.0 Release Would signing the key authorization with the ACME private key increase security? Lego 5.0.0 Release Certificate renewal incomplete: missing domains beeandlunetrading.com We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved Is using preferred-chain "ISRG Root X2" still a good idea? Crypt::LE --delayed not being honored Intended audience for "tlsserver" profile 2026.05.08 Gen Y Cross-Certified Subordinate CAs missing serverAuth EKU Expired certs shut done websites Automatic renewal across multiple systems serving the same domain Account paused – Request to unpause domain exodus.digitalmansa.com Certificate for web theft phucnha.com DNS-PERSIST without spending an Order Certificate Expired, now I can't create a new one Account paused Invalid unpause URL I need to revoke a cert, how do i do this The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot LetsEncrypt Consultation SSL/TLS certificate Issue ISRG may have received a National Security Letter or FISA Court Order? Deactivating pending authorization Perhaps this domain is at risk group and is blacklisted on the Let's Encrypt side Certificate renewal error Azuracast letsencrypt error Certbot change provider from Sectigo to CertiNext Privacy policy still mentions disabled services Letsencrypt[.]top is squatting on the LE name and acting as a web client Cert renews not working anymore Root Cert Protection and Signing Process for e.g. Intermediates or Cross-Signs of new Roots DNS Challenge failed incorrect TXT value Certbot is rejecting its own specified _acme-challenge value Not able to renew certificates Issue of SSL Certificate fails Is there a CRL push infrastructure for Linux that can be hooked into? Today instantly SSL certificate problems CNAME and CAA clarification Safari won't trust Let's Encrypt certs Does Certbot support CNAME challenge? How does CNAME validation work vs DNS-01? ARI renewal-info Rate Limit Changes? "Generation Y" root program inclusion
FreeCert: a lightweight ACME management module for shared hosting and cPanel
@tracoserv · 2026-04-19 · via Let's Encrypt Community Support - Latest posts

Hi everyone,

I’ve been building a lightweight module for a very specific problem: managing ACME certificates on shared hosting and cPanel environments without repeating the same shell workflow over and over.

It’s called FreeCert, and the goal is not to replace existing ACME clients, but to make them easier to use in constrained real-world hosting setups.

The project is available at certificates.biz.

FreeCert is a lightweight PHP module that can be installed directly on a website and used to manage certificate issuance and renewal through an existing ACME workflow, currently based on acme.sh.

This is not a new CA, and it is not meant to compete with mature ACME clients.
It is a thin operational layer built for environments where users technically can issue certificates, but the process is still too manual, fragmented, and repetitive.

Why I built it

In many shared hosting environments, users often have just enough access to make ACME work, but not enough tooling to make it convenient.

That usually means:

  • running commands manually
  • repeating the same steps every few months
  • copying certificate files by hand
  • managing multiple small sites with no reusable interface
  • depending too much on terminal access for routine operations

I wanted to explore whether a small installable module could make this workflow cleaner and more reusable.

What FreeCert does

FreeCert is installed directly on the target website and works on the current site/domain where it is deployed.

The current design includes:

  • lightweight PHP module
  • built for shared hosting and cPanel-like environments
  • local issuance and renewal using acme.sh
  • current domain detection from the installed site
  • local logs
  • update checks for the module itself
  • semiautomatic certificate workflow
  • no arbitrary free-form domain input for certificate issuance

Authorization model

One of my main design goals was to avoid creating a generic public “issue certificates for anything” tool.

So the module uses an external authorization layer called Librya.

The workflow is:

  1. the user authenticates
  2. the module detects the current domain
  3. the module checks whether that domain is registered and approved for that user
  4. only then are SSL actions allowed

This keeps the module tied to the real site where it is installed, instead of turning it into an open certificate panel.

What I’d love feedback on

I’d really appreciate technical feedback on a few points:

  1. Does this architecture make sense for shared hosting and cPanel use cases?
  2. Are there obvious security pitfalls in using a lightweight management layer around an existing ACME client workflow?
  3. Does this feel like a useful niche for people managing multiple small websites on constrained hosting?
  4. If the project becomes mature enough, would it make sense to present it as a niche ACME management option for this type of environment?

I’m not trying to replace mature ACME clients.

The goal is to make certificate management more practical in a specific class of hosting environments where people often end up doing everything manually even when ACME support is technically available.

If useful, I can also share more details about:

  • module structure
  • authorization flow
  • update mechanism
  • local execution flow
  • current UI and workflow decisions

Thanks in advance for any feedback.