dance is a dead-simple private certificate authority for LAN and homelab use. A single Go binary wraps an embedded step-ca backend and exposes a browser-friendly landing page, a password-protected admin UI, and a fully functional ACME endpoint — so Caddy and other ACME clients enroll without any extra plumbing.
step-ca runs in-process, writing to SQLite. dance fronts it with session-authenticated admin routes, a certificate inventory view, passive revocation, and EAB token management. Root certificate onboarding pages handle macOS, iOS, and other platforms. Everything is a single binary launched with environment variables — no daemon config files, no systemd units, no service mesh.
step-ca runs in-process; no separate daemon needed.
Compatible with Caddy, certbot, and any RFC 8555 client.
Certificate inventory, revocation, EAB token creation — all in-browser.
Root cert download pages for macOS, iOS, and generic platforms.
Audit log and admin state in a single local file.
go build ./cmd/dance — one file, no runtime deps.