X.509 certificates are vital in the security of many Internet protocols, including TLS/SSL. If your charm workload communicates over HTTPS, you most likely need these certificates. Within the Juju ecosystem, the tls-certificates charm relation interface handles X.509 certificate creation, renewal, and revocation.
There are many charms that act as providers of this interface and we are proud to announce that they have all been promoted to a “stable” release.
Ideal for development and non-production environments, the self-signed-certificates operator provides self-signed certificates in the charm ecosystem. Upon deployment, the self-signed-certificates operator generates a private key and a Certificate Authority (CA) certificate (that is not signed by any authority). The operator signs each certificate request it receives using this self-signed CA certificate.
Your organisation has a manual process to request certificates? No problem. The manual-tls-certificates operator supports Juju actions to list certificate requests, retrieve signing requests, and supply manually obtained certificates.
You want an automated approach to certificate related operations. Use the LEGO charm operator specific to your DNS provider to request certificates using the ACME protocol.