onion-SSL - /naˈskɔ.sto/

Anonymous HTTPS for onion services.

Addresses

  • nascosto45qzucs3anw74vipa6td2e7ryjr7k6w3klgbcjx4n4osymid.onion
  • nascosto.org

PGP Key Details

About

For some time now, the TLD .onion has been officially recognized. This circumstance enables companies to issue SSL certificates for .onion Domanis. Unfortunately, Lets Encrypt is not on board yet.

A reliable provider for domain validated certificates is Harica from Greece.

There is only one problem for operators of hidden services who want to be anonymous. You have to pay for the certificates by credit card. This is where I come in. I act as a proxy between you and Harica.

How does it work?

  1. You send me your .onion URL
  2. I request the certificate and send you a file which you have to deliver for validation via your websever.
  3. You send me $85 via Monero.
  4. I pay the certificate and send it to you.

Why so expensive? Harica charges 37,20 Euro. For my effort and the possible handling of requests and abuse mails you have to pay me.

Important notes: At no point in this process do I need any information from you other than the onion address. With this service you remain completely anonymous.

The certificate will not be renewed automatically. You will receive a message in time via the channel you used to contact me.

Then the renewal process will be repeated.

The certificates are valid for one year. Why SSL for .onion domains? It is not necessary for encryption. Hidden services transmissions are encrypted by design and the traffic never leaves the onion circuit. If you are running a clearnet site on the same system as the hidden service, then you don’t need to configure your web server to respond unencrypted on port 80.

Like for example this server here, which is also reachable via nascosto.org. But it is more noticeable if you run mail or jabber servers as hidden service. If the clients connect directly via the .onion domain, you don’t have to check the certificate manually, which is inevitable without .onion certificate. It also looks cool in the address bar.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

You can reach me via tox chat. My Tox ID is:
EAB804E897548C2B0C0D5454E905E5BF37233A8EC7BB41E03DDAD89B56825D3C
72CAEF7A5975

Please be patient.

This is a one man show and I can't be online 24/7. Of course I
always try to respond to your requests as soon as possible.

nascosto45qzucs3anw74vipa6td2e7ryjr7k6w3klgbcjx4n4osymid.onion
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE4wPN8SU3ThdI60uFhURueAjYVIAFAmHb55cACgkQhURueAjY
VIBfcA/7BKzK61krLe5WAqFXmIfks5MSStTq8Fzd/PnBrMErNAmb4e+krZhC4AxZ
kd3zjgVZ9rtkoll35igqWGDIXJEmnCeprhG4+xFfRXIJFarlmN9D6d5vowCFbMEu
Yqut8h+Ykxm0A6R7Ru0xs+kZs522ZArholoT4e2cOaXP1EJMfFkGBIKocaCO1GRV
ZzC2OAIxlH1rreS5tovsGkar7a5vfhyzZ6u70bLD3BFaPo+QuHPVis4k6XC6HRzJ
Lh098Uow2HgcDu4zZX/s+LoFpYhYD3usLd/dvUfIULcVL7rkEIxHhQtQkmLr6miq
7iq3xC1F6C/kew45633RVaWBWqqGt+rxzyaHgKi6+36kUuayHH7Ar4b1D9zFvpYq
UqULqfPKXYgiM9EGtws1EEhrErEN+KUuoZjOUHXTaxMZjYFQ0j2P64nAC01tS9Za
ksxL2QaRYokA7FhY3Q3RVZik95WQwKfaaCF5tPplbhILb8LjgBSD6lOWnel9qDxi
+02k7BOYHqR/XUTehfIY7alpadOswR9L+aEQg93FhFY2kNWRDlpIwBj07Ikcbnhb
q2SR+v5weOEp/WhOw1gyWwVOKfHnerttwyDrzTYBi8cA/TaYCCKqy5LHfwZd1rK1
HpB9UStW0ilLiIFb+NkmBR0I7RKu0Xs0ZeRG2gGSGtt/4kCAfF8=
=LL6e
-----END PGP SIGNATURE-----