April 6, 2026
One binary to rule your certs?
Show HN: I rewrote my 2012 self-signed cert generator in Go – cert-depot.com
2012 weekend hack reborn in Go — devs cheer, ops groan about the real pain: trust
TLDR: A classic self‑signed certificate tool got rebuilt in Go as a single, no‑OpenSSL binary that streams certs without storing them. The crowd applauds the polish, but the loudest point is practical: making every device trust these certs is the real work—and where teams will feel the pain.
A 2012 weekend project just got a glow‑up: cert-depot.com is back, rewritten in Go as a slick, single-file tool that cranks out make-your-own certificates without touching OpenSSL. It streams everything from memory, stores nothing on the server, and packs modern must‑haves like Subject Alternative Names (the browser rule since Chrome 58), plus RSA and ECDSA options and ZIP or PFX downloads. The source is on GitHub: dimastopel/certdepot.
Onlookers loved the “no more OpenSSL incantations” energy, but one early voice cut through the hype with a reality check: generating a certificate is the easy part — getting every machine to trust it is the real boss battle. As one commenter put it, SAN support is the right move, but deploying the internal “mini‑authority” across a zoo of laptops, servers, and browsers turns into a long-running headache. Translation: devs are clapping; ops are holding the Advil.
The mood swung between nostalgia and memes — “one binary to rule them all,” “RIP copy‑paste OpenSSL spells” — while the practical crowd warned that self‑signed setups shine for internal tools but come with ongoing maintenance costs. It’s a tidy love letter to Go simplicity, with a side of “don’t forget the trust stores,” and the thread’s energy is equal parts applause and caution tape.
Key Points
- cert-depot.com was rewritten from scratch in Go as a single, dependency-free binary.
- Certificate generation now uses Go’s crypto/x509, replacing reliance on OpenSSL.
- Certificates are generated in memory and streamed; nothing is stored on the server.
- Supports RSA (2048/4096) and ECDSA (P-256/P-384) with Subject Alternative Names.
- Outputs available as ZIP of PEM files or as PFX/PKCS#12; source is on GitHub.
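As an added example (not code from cert-depot or its repository), here is the crypto/x509 path the Key Points describe together with the step the ops crowd was pointing at: an ECDSA P-256 self-signed certificate with SANs built entirely in memory, and a check showing it verifies only against a trust store it has been added to. Function names, the hostnames and the one-year lifetime are assumptions.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)
// SelfSignedPEM mints an ECDSA P-256 self-signed server certificate in memory, listing
// hosts in the SAN extension (browsers ignore the CN), and returns cert and key as PEM.
func SelfSignedPEM(cn string, dnsNames []string) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), // tolerate a little clock skew
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsNames,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // parent == template: self-signed
	if err != nil {
		return nil, nil, err
	}
	keyDER, _ := x509.MarshalECPrivateKey(key) // cannot fail for a P-256 key
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}
// TrustedFor verifies certPEM for host against exactly the given roots (pass an empty pool,
// not nil, or Go falls back to the system store); a self-signed cert passes only once it is in the pool.
func TrustedFor(certPEM []byte, host string, roots *x509.CertPool) error {
	var der []byte
	if block, _ := pem.Decode(certPEM); block != nil {
		der = block.Bytes
	}
	cert, err := x509.ParseCertificate(der) // nil der yields a parse error rather than a panic
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	}
	return err
}
```

Pointing TrustedFor at an empty pool reproduces what every laptop and server does before someone imports the certificate: an unknown-authority failure, which is the deployment work the thread warns about.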