
I'm surprised there's no "CA-tool-as-a-service" where the CA provides an API (and maybe a CLI tool that uses that API) allowing you to automatically request-and-generate certs from their CA server provided it's for a subdomain of a domain you have on your account.


That's essentially what Let's Encrypt aims to be: https://letsencrypt.org/


Have a look at the "certificate" section of Gandi's API https://github.com/Gandi/gandi.cli/blob/master/gandicli.man....

And check out SSLMate: https://sslmate.com/


Check out OpenStack's Anchor project, it is exactly this.

If the people behind the post used Anchor, then the issues mentioned here would be absolved.


Nearly every CA has an API already; you can add automated domain validation yourself over a weekend.


Typical way to tackle sub-domains would be to issue a wildcard certificate.


This would be for subdomains with their own "sovereignty"; e.g. Tumblr or Wordpress blogs, where the subdomain "owner" could conceivably want to issue their own subdomains, or, heaven forbid, do client-cert signing for their subdomain.



