<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>TLS - Tag - vo.rs</title><link>https://vo.rs/tags/tls/</link><description>TLS - Tag - vo.rs</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.</copyright><lastBuildDate>Thu, 11 Dec 2025 16:00:00 +0000</lastBuildDate><atom:link href="https://vo.rs/tags/tls/" rel="self" type="application/rss+xml"/><item><title>mTLS: Mutual TLS Between Services Without a Service Mesh</title><link>https://vo.rs/story/mtls-mutual-tls-between-services-without-a-service-mesh/</link><description>&lt;p&gt;Ordinary TLS proves the server&amp;rsquo;s identity to the client. The browser checks the certificate, sees a name it trusts, and gets on with the conversation. The server, meanwhile, has no idea who the client is — it&amp;rsquo;ll talk to anyone. For service-to-service traffic inside your own infrastructure that&amp;rsquo;s backwards. You frequently care far more about &lt;em&gt;which client&lt;/em&gt; is calling than the client cares about the server. Mutual TLS fixes that: both ends present certificates, both ends verify, and an unauthenticated caller never gets past the handshake.&lt;/p&gt;</description><pubDate>Thu, 11 Dec 2025 16:00:00 +0000</pubDate></item><item><title>Let's Encrypt Rate Limits: What to Do When You Hit the Wall</title><link>https://vo.rs/story/lets-encrypt-rate-limits-what-to-do-when-you-hit-the-wall/</link><description>&lt;p&gt;Let&amp;rsquo;s Encrypt is one of the genuinely great things to happen to the open web. Free, automated, universally trusted TLS certificates — the whole reason your homelab services have padlocks now instead of a wall of browser warnings. It is also a free service handling staggering volume, and it protects itself with rate limits. 
The trouble is you only ever learn those limits exist at the precise moment you slam into one, usually at 2am, usually while debugging something else, usually with a renewal cron job hammering away making everything worse.&lt;/p&gt;</description><pubDate>Wed, 09 Oct 2024 08:00:00 +0000</pubDate></item><item><title>cert-manager: Automated TLS Certificates That Actually Renew</title><link>https://vo.rs/story/cert-manager-automated-tls-certificates-that-actually-renew/</link><description>&lt;p&gt;Everyone who has run a website for more than a year has lived this particular horror. You get an email. The subject line contains the word &amp;ldquo;expires.&amp;rdquo; You ignore it because you&amp;rsquo;re busy. Then on a Sunday morning, your site is throwing certificate warnings to every visitor and you&amp;rsquo;re SSH&amp;rsquo;d in trying to remember how &lt;code&gt;certbot&lt;/code&gt; works while your coffee goes cold. TLS certificates expire on a schedule that is precisely engineered to be longer than your memory and shorter than your attention span.&lt;/p&gt;</description><pubDate>Tue, 14 May 2024 09:00:00 +0000</pubDate></item></channel></rss>