Impact-Site-Verification: 41b53a0c-6d04-458b-a457-fe9e29acde1a

Developer Tools/UnknownSSL/TLScertificatesLet's Encryptdeveloper tools·

Anchor Relay

Fast, free browser-trusted HTTPS certificates via ACME relay

What it does

Anchor Relay is a service that simplifies obtaining Let's Encrypt certificates by acting as an ACME API frontend with DNS delegation for challenge records. It eliminates the need to expose port 80 or forward HTTP—all certificate validation happens outbound. The service currently provides free, automated 90-day certificates trusted by all browsers, with plans to add Google Trust Services and short-lived certificates. It works out of the box with tools like Certbot, Caddy, and cert-manager.

Who it is for

Anchor Relay is designed for developers and operators running services in homelab, self-hosted, or untrusted environments like IoT, as well as behind firewalls and internal networks. It is ideal for those who want to avoid exposing infrastructure or managing DNS API credentials across multiple systems.

Why it matters

Traditional certificate issuance often requires opening port 80 or managing complex DNS integrations. Anchor Relay reduces attack surface by requiring only outbound connections and a one-time DNS configuration. This makes HTTPS adoption simpler and more secure for edge cases where standard ACME challenges are impractical.

Launch signal

Anchor Relay was announced on Hacker News as a Show HN project. The service is currently in beta and offered as a free public service. The founder, known as "geemus," is also the creator of the CarrierWave gem, adding credibility to the project.

Brand and naming

The name "Anchor Relay" suggests a trusted, stable relay point for certificate issuance. The branding uses a clean anchor icon and dark theme, positioning the service as a secure and reliable intermediary. The tagline "Fast & free browser trusted HTTPS certificates" clearly communicates the core value proposition.

Founder

geemus

Get more like this in our weekly newsletter.