Im using certbot with dns challenge (cloudflare api token) to renew letsencrypt cert for my nginx proxy. I want also to create CA cert to sign longterm certs for upstream servers/services and set nginx to trust CA cert. Longterm because of no possibility to automate renewal for those devices/services. Will stepCA have any use for me or just use openssl?
I’ve been using step-ca for about 3 years in my lab, it’s great, especially for services that support ACME (Proxmox, Caddy, etc.).