TLS 1.3: Modern Encryption Without the Existential Dread
TLS 1.3 explained without the PhD: faster handshakes, better ciphers, and how to actually configure Nginx and Caddy to use it.
All the articles with the tag "ssl".
Certbot isn't the only ACME client. Explore Caddy, acme.sh, lego, and Step CA — with practical examples for wildcard certs and DNS-01 challenges.
Certificate pinning and HPKP explained: what they are, why HPKP destroyed itself, and modern alternatives like CAA records and Certificate Transparency.
Advanced Caddy server configuration: wildcard certs, Caddyfile matchers, Docker label integration, rate limiting, forward auth with Authelia, and the JSON API.
Your reverse proxy only has the leaf cert, not the intermediate. Here's why that kills half your connections.
Incomplete cert chains, wrong order, self-signed certs. How to diagnose trust failures with openssl s_client.
Certs expire silently. Check expiry with openssl, automate renewal checks with cron, get alerts before disaster.
Certificate pinning locks your app to a specific TLS cert so MITM attackers can't swap in a rogue CA — how it works and when to use it.
Get Caddy running as a reverse proxy in Docker — automatic HTTPS, Caddyfile config, and Docker Compose setup in under 10 minutes.