[bigyikes]

I still have nightmares about trying to set up SSL with nginx and my own self-managed certificates.

I set the same thing up with Caddy in minutes and it’s been running flawlessly for years.

Shoutout to Let’s Encrypt as well for making this so much easier!

[KronisLV]

> I still have nightmares about trying to set up SSL with nginx and my own self-managed certificates.

For anyone who needs to run their own CA (which I'm now doing for my homelab), I've found that using GUI software like KeyStore explorer is a sufficiently easy and lazy way of doing that, which actually works well, both for securing regular sites, as well as doing mTLS: https://keystore-explorer.org/

For what it's worth, using OpenSSL directly and automating that for more frequently rotated certificates wouldn't be quite as pleasant, yet doable.

> Shoutout to Let’s Encrypt as well for making this so much easier!

For ACME stuff, Caddy will be excellent and honestly is probably the best option out there right now!

Nginx (and certbot) or Apache (and mod_md or certbot) will get you most of the way there as well, though the route will be a bit longer.

[francislavoie]

Caddy comes with Smallstep, it can be your CA too. Caddy is both and ACME client and ACME server.