# Resources

#### Certification Authority

數位憑證認證機構（英語：Certificate Authority，縮寫為CA），也稱為電子商務認證中心、電子商務認證授權機構，是負責發放和管理數位憑證的權威機構，並作為電子商務交易中受信任的第三方，承擔公鑰體系中公鑰的合法性檢驗的責任。

- [政府憑證管理中心](https://gcp.nat.gov.tw/views/about/about_1.html)(Government Certification Authority，簡稱GCA)
- [台灣網路認證](https://www.twca.com.tw/) (TWCA)
- [中華電信通用憑證管理中心](https://publicca.hinet.net/index.htm) (PublicCA)

#### Let's Encrypt

- <span class="external">[How To Secure Apache with Let's Encrypt on Ubuntu 16.04](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04 "https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04")</span>
- [SSL For Free 免費 SSL 憑證申請，使用 Let’s Encrypt 最簡單方法教學](https://free.com.tw/ssl-for-free/?utm_content=buffer8928e&utm_medium=social&utm_source=plus.google.com&utm_campaign=buffer "https://free.com.tw/ssl-for-free/?utm_content=buffer8928e&utm_medium=social&utm_source=plus.google.com&utm_campaign=buffer")
- [How to Use Let’s Encrypt to Install Free SSL Certificates on Your Linux VPS](https://dotlayer.com/how-to-use-lets-encrypt-to-install-free-ssl-certificates-on-your-linux-vps/ "https://dotlayer.com/how-to-use-lets-encrypt-to-install-free-ssl-certificates-on-your-linux-vps/")
- [Apache with Let’s Encrypt Certificates on CentOS 8](https://www.cyberciti.biz/faq/apache-with-lets-encrypt-certificates-on-centos-8/ "https://www.cyberciti.biz/faq/apache-with-lets-encrypt-certificates-on-centos-8/")
- [How to manage Let's Encrypt SSL/TLS certificates with certbot](https://www.howtoforge.com/how-to-manage-lets-encrypt-ssl-tls-certificates-with-certbot/ "https://www.howtoforge.com/how-to-manage-lets-encrypt-ssl-tls-certificates-with-certbot/")
- [certbot](https://certbot.eff.org/ "https://certbot.eff.org/")
- [How to issue Let’s Encrypt wildcard certificate with acme.sh and Cloudflare DNS](https://www.cyberciti.biz/faq/issue-lets-encrypt-wildcard-certificate-with-acme-sh-and-cloudflare-dns/)
- [How to forcefully renew Let’s Encrypt certificate](https://www.cyberciti.biz/faq/how-to-forcefully-renew-lets-encrypt-certificate/)
- [How to Check Let’s Encrypt SSL Certificate Expiration Date](https://www.linuxshelltips.com/check-lets-encrypt-ssl-certificate-expiration-date/)
- \[Nginx\] [Create a Web Server with NGINX and Secure it Using Certbot](https://linuxhandbook.com/ngnix-certbot/)

[Certbun](https://github.com/porkbundomains/certbun) - Certbot alternative

- [More On Installing And Configuring Certbun For Use With Apache](https://lowendbox.com/blog/more-on-installing-and-configuring-certbun-for-use-with-apache/)

#### Test SSL

這些工具可以檢測 SSL 網站的所有資訊

- [https://www.tecmint.com/testssl-sh-test-tls-ssl-encryption-in-linux-commandline/](https://www.tecmint.com/testssl-sh-test-tls-ssl-encryption-in-linux-commandline/)
- [https://github.com/drwetter/testssl.sh](https://github.com/drwetter/testssl.sh)
- [https://testssl.sh/](https://testssl.sh/)
- [https://www.ssllabs.com/ssltest/](https://www.ssllabs.com/ssltest/)
- [https://github.com/Matty9191/ssl-cert-check](https://github.com/Matty9191/ssl-cert-check)

#### Monitoring SSL

- [https://certificatemonitor.org](https://certificatemonitor.org)   
    Source code: [https://github.com/RaymiiOrg/certificate-expiry-monitor](https://github.com/RaymiiOrg/certificate-expiry-monitor)
- [https://alerts.httpscop.com](https://alerts.httpscop.com)

#### Certificates Tools

- [mkcert](https://github.com/FiloSottile/mkcert) - A simple tool for making locally-trusted development certificates. It requires no configuration. 
    - [How to Create Locally Trusted SSL Certificates with mkcert on Ubuntu 20.04](https://www.howtoforge.com/how-to-create-locally-trusted-ssl-certificates-with-mkcert-on-ubuntu/)
    - [mkcert: Create Trusted SSL Certificate for Local Development](https://www.tecmint.com/mkcert-create-ssl-certs-for-local-development/)
- [SSL Certificates Cheat-Sheet](https://github.com/xcad2k/cheat-sheets/blob/main/misc/ssl-certs.md)

##### ACME (Automated Certificate Management Environment)

[ACME](https://en.wikipedia.org/w/index.php?title=Automatic_Certificate_Management_Environment) 是一種通訊協定，由網際網路工程任務組（IETF）制定，目的是要自動化數位憑證的管理過程，包括憑證的申請、驗證、發行，以及之後的更新。由於數位憑證可以確保網站身份，並保護網站和用戶間的資訊交換，是網路安全非常重要的一環。傳統憑證申請和管理過程複雜且費時，ACME解決了這些麻煩，並使過程能夠自動化，因此也減少了管理成本，以及因憑證過期所產生的安全風險。

- [Step Certificates](https://github.com/smallstep/certificates)
- [Self-Host ACME Server](https://blog.sean-wright.com/self-host-acme-server/)
- [Run your own private CA &amp; ACME server using step-ca](https://smallstep.com/blog/private-acme-server/)

##### Certimate - 多憑證管理平台

Certimate 旨在为用户提供一个安全、简便的 SSL 证书管理解决方案。

做个人产品或者在小企业里负责运维的同学，会遇到要管理多个域名的情况，需要给域名申请证书。但是手动申请证书有以下缺点：

- 😱麻烦：申请证书并部署到服务的流程虽不复杂，但也挺麻烦的，犹其是你有多个域名需要维护的时候。
- 😭易忘：另外当前免费证书的有效期只有90天，这就要求你定期的操作，增加了工作量的同时，你也很容易忘掉续期，从而导致网站访问不了。

Certimate 就是为了解决上述问题而产生的，它具有以下特点：

- 支持私有部署：部署方法简单，只需下载二进制文件并执行即可完成安装。
- 数据安全：由于是私有部署，所有数据均存储在本地，不会保存在服务商的服务器上，确保数据的安全性。
- 操作方便：通过简单的配置即可轻松申请 SSL 证书，并将证书部署到用户指定的目标上，然后在证书即将过期时自动续期，无需人工干预。

URLs:

- [https://docs.certimate.me/](https://docs.certimate.me/)
- GitHub: [https://github.com/usual2970/certimate](https://github.com/usual2970/certimate)