TLS certs for internal OTS hardware

Most off-the-shelf hardware devices use a web app as their primary user interface; however, most currently serve it either over plain HTTP or over HTTPS with a self-signed certificate. This project offers a way for vendors to ship boxes which, on boot, pick up a valid certificate from Let's Encrypt, so that their users can safely access them whatever network they are placed on.

This project is a proof-of-concept demo of the process I talk about in my blog post TLS certs for internal OTS hardware.

There is also an accompanying post on how to get this project working - TLS certs for internal OTS hardware - Proof of Concept - but here is a summary for those who want to get started without having to read all about it.

To get started, you'll need:

  • A domain to issue certificates for.
  • A Cloudflare account and API key.
  • A working Go environment.

Clone the project:

go get -v

Build the server:

cd ~/go/src/
go get -v ./...
go build
cp ots-cert-server.cfg-template ots-cert-server.cfg

Edit the config file ots-cert-server.cfg with your chosen domain name and API details.

Start up the server:

INFO[0000] Starting the server
INFO[0000] No valid certificate found, going to create a new one
INFO[0010] Creating DNS record
INFO[0011] Starting web server on:
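The "No valid certificate found" line above is the server deciding, on boot, whether the certificate it already holds can still be served or a new one must be requested from Let's Encrypt. The Go below is an added illustration of that decision and is not code from the ots-cert-server project: it assumes the certificate is kept as a PEM file and that anything within 30 days of expiry counts as needing renewal (both assumptions), and it includes a throwaway self-signed certificate generator so the check can be run offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"time"
)

// Remaining validity below which the stored certificate is replaced (assumed value, not the project's).
const renewBefore = 30 * 24 * time.Hour

// needsNewCert reports whether the device should request a fresh certificate: true when pemData
// holds no parseable cert, the cert is not valid for host, or it is outside (or within renewBefore
// of the end of) its validity window. The string explains the decision, like the server's INFO lines.
func needsNewCert(pemData []byte, host string, now time.Time) (bool, string) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "CERTIFICATE" {
		return true, "No valid certificate found, going to create a new one"
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return true, "Stored certificate is unparseable: " + err.Error()
	}
	if err := cert.VerifyHostname(host); err != nil {
		return true, "Stored certificate is not valid for " + host
	}
	if now.Before(cert.NotBefore) || cert.NotAfter.Before(now.Add(renewBefore)) {
		return true, "Stored certificate unusable (expires " + cert.NotAfter.Format(time.RFC3339) + "), renewing"
	}
	return false, "Valid certificate found for " + host
}

// selfSignedPEM builds a throwaway self-signed certificate for host, standing in for the saved file
// so the check can be exercised offline; the real server would hold a Let's Encrypt issued one.
func selfSignedPEM(host string, notBefore, notAfter time.Time) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

A hostname mismatch is treated like a missing certificate on purpose: a box that has been reconfigured for a new domain must not keep serving the old name's certificate.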

Build the client:

cd ~/go/src/
go get -v ./...
go build
cp ots-cert-client.cfg-template ots-cert-client.cfg

You will need to edit the config file so it has the right address for the server.

Run the client:

INFO[0000] The hostname is:
INFO[0010] The certificate was generated
INFO[0010] Setup complete, browse to

Browse to the client to check all is working:

Congratulations, you should be viewing this over HTTPS on your custom domain.