SSL Cert Automation
Automated SSL certificate provisioning and renewal for substrate services.
✓ 0 | ↻ 0 | ⏳ 16 (16 total)
Legend: ✅ Complete | 🔄 In Progress | ⏳ Planned
Project Vision & Scope
Eliminate browser security warnings and enable secure communication between substrate services by deploying an internal Certificate Authority and automating certificate lifecycle management.
In Scope
- Internal CA deployment and trust distribution
- SSL certificates for infrastructure web UIs (Proxmox, OPNsense, Omada)
- Automated certificate renewal
- Expiration monitoring
Out of Scope
- Public-facing certificates (use Let’s Encrypt separately)
- Client certificate authentication
- Code signing certificates
Requirements ⏳
- ⏳ Define certificate naming conventions
- ⏳ Define certificate validity periods
- ⏳ Define renewal thresholds and alerting
Certificate Authority ⏳
Internal CA infrastructure for issuing trusted certificates.
- ⏳ Evaluate CA options (step-ca, smallstep, CFSSL)
- ⏳ Deploy internal CA on bootstrap node
- ⏳ Distribute root CA to substrate hosts
- ⏳ Configure browser/OS trust stores
Infrastructure Services ⏳
SSL certificates for core infrastructure web UIs.
- ⏳ Proxmox VE admin UI (pve.dvnt.deevnet.net)
- ⏳ OPNsense admin UI (opnsense.dvnt.deevnet.net)
- ⏳ Omada Controller UI (omada.dvnt.deevnet.net)
Certificate Lifecycle ⏳
Automated renewal and distribution.
- ⏳ ACME client deployment (certbot, acme.sh, or step CLI)
- ⏳ Automated certificate renewal via cron/systemd timer
- ⏳ Certificate deployment playbook
- ⏳ Expiration monitoring and alerting
Documentation ⏳
- ⏳ Certificate management runbook
- ⏳ Manual renewal procedure (fallback)