
TLS & Certs

Let's Encrypt, ACME, certificate management

  1. 00 TLS & Certificates — Roadmap: Eight chapters that take TLS from mystery to muscle memory — what it actually does, why every part exists, and how to issue, renew, and serve real certificates without a managed service.
  2. 01 What TLS Actually Is: TLS does two jobs: it encrypts your traffic, and it proves the server is who it says it is. The two halves work together — neither alone is enough.
  3. 02 The TLS Handshake: ClientHello, ServerHello, key exchange, finished. The five-message conversation that turns a TCP connection into a secure session — and how TLS 1.3 cut it in half.
  4. 03 Certificates and the Chain of Trust: What lives inside a .pem file, what a CSR is, why intermediate certificates exist, and how a browser walks the chain to a root it already trusts.
  5. 04 Let's Encrypt & ACME: The protocol that lets a free CA issue 350 million certificates a year. Account, order, challenge, finalize, download — what every certbot run does behind the scenes.
  6. 05 Issuing Your First Cert with certbot: From bare DNS A record to working HTTPS in ten minutes. Concrete commands, every flag explained, every common failure addressed.
  7. 06 Wildcard Certs & DNS-01: When HTTP validation isn't enough — issuing wildcard certs, automating DNS-01 with provider plugins, and the security tradeoffs of API tokens that can edit DNS.
  8. 07 Configuring nginx for TLS: A complete TLS server block — protocols, ciphers, OCSP stapling, HSTS, modern key types, perfect forward secrecy. The config that scores A+ without copy-paste cargo cult.
  9. 08 Renewal, Monitoring, and Rotation: Surviving past 90 days. Renewal hooks, expiration monitoring, key rotation, and the runbook for the night your cert quietly expired and now nobody can reach the site.