Certificates for Onion Services page
Description
Onionspray's HTTPS Certificates page is outdated and specific, and something broader is needed.
Tasks
- Existing documentation:
- Update Onionspray's HTTPS Certificates page to reflect the current procedures:
- Updates from the CA-related commands (onionspray#76 (closed)).
- Improve the instructions to make test certificates.
- New documentation:
- Create new documentation page in the Ecosystem docs under the Checklist document or into a HOWTO/Guides section in the web docs.
- Move the non-Onionspray specific sections to a broader scope.
- Add document version (or last updated date).
- References:
- Certificate proposals page.
- Onionmine.
- BadSSL But Onion · Wiki · The Tor Project / Applications and to PieroV's Onion Tests.
- Faulty Onions.
- Onionsec:
- OnionSec repository.
- OnionSec UI repository. As of 2025-10-8, this repository is not yet public.
- ACME for Onions.
- Certificate's maximum validity period accepted by browsers.
- Note about certificates going to public CT Logs upon issuance.
- Requirements/recommendations/examples:
- Example with OpenSSL and RSA 4096.
- Check whether wildcard SANs can always be added, regardless of whether the user asked for a single-domain cert (confirm whether it's harmless to leave the wildcard in the CSR, even if a single-domain cert is purchased) (onionmine#39 (closed)).
- Consider making it a general certificates page, not just for HTTPS or TLS. If that's the case, it's better moving it to the apps/base section.
- Add references to this new page/documentation into:
- The HTTPS section in the Onionsite checklist.
- Onionspray's HTTPS Certificates page.
- Onion Plan's Certificate proposals page.
- Onionmine docs (tutorial and usage pages).
- Onionspray Ansible Role.
- A Forum post announcing the page, asking people to review and send merge requests. Done here, but without the feedback invitation.
Time estimation
- Complexity: very small (0.5 day)
- Uncertainty: low (x1.1)
- Reference (adapted)
Edited by Silvio Rhatto