Self-Hosted Document Signing
Documenso, DocuSeal, OpenSign — self-hostable DocuSign / HelloSign alternatives.
A short page because the OSS landscape here is small but real, and none of it is currently covered elsewhere on the site. For broader DMS context see Self-Hosted Document Management; for transactional email used to deliver signing links see Email; for the broader e-commerce / business stack see Compliance & SOC2.
The candidates
- ★ Documenso — TypeScript / Next.js; modern UX; open-source DocuSign. Free self-host + paid hosted tier. The default for new TS-shop self-host in 2026.
- ★ DocuSeal — Ruby on Rails; multi-document signing flows; templates; built-in PDF editor; free self-host + hosted tier. Often picked over Documenso for non-TS teams.
- OpenSign — Node + Parse Server; multi-user; templates; webhooks.
- PrivateSign / EasySign — smaller, less-active alternatives; check last commit before adopting.
Adjacent (signing as a feature, not a product)
- Mayan EDMS — has a signing module; if you already run it as your DMS, no need for a separate tool. See Self-Hosted Document Management.
- CryptPad — collaborative editing; supports inline signatures.
- Nextcloud + Libresign app — adds e-signature to your Nextcloud; works for many use cases.
- OnlyOffice / Collabora — both support digital signatures inside Word / PDF documents (different from a signing-flow product).
What "real" e-signature requires
- Audit trail — IP, timestamp, signer email, hash of signed document, version chain. Documenso, DocuSeal, OpenSign all produce this.
- Tamper-evident PDF — embed a digital signature into the PDF itself, plus a separate signed audit certificate. All three above do this.
- Multi-signer flows — sequential or parallel; reminders; expirations.
- Templates — repeatable contracts (NDAs, SOWs, employment).
- Webhooks / API — for embedding signing into your app (onboarding, contracts, KYC).
Compliance — be honest
- ★ eIDAS / ESIGN / UETA — basic "click to sign" is legally enforceable in most jurisdictions for most contracts. Documenso / DocuSeal / OpenSign all qualify.
- ★ QES (Qualified Electronic Signature) — EU-specific, requires a Qualified Trust Service Provider issuing certificates to signers. None of the OSS tools provide QES out of the box; you wire in a TSP via PKI.
- Notary / wet-signature requirements — some real estate, wills, divorces still require these. E-sign won't help.
- HIPAA / PHI — none of the OSS tools advertise BAAs. If you handle PHI, you self-host on infra you've separately attested.
- If you're EU-based and need QES: consider Yousign / Universign / Docusign EU-Advanced. Hard problem for OSS.
Patterns to adopt
- ★ Email delivery quality matters. Signing links go to clients' inboxes; if they land in spam, you don't get signed contracts. Pair with Postmark / Resend / a working transactional sender.
- Embed signing in your product via Documenso / DocuSeal API rather than redirecting users out — fewer drop-offs.
- Store signed PDFs in a DMS — Mayan EDMS or Paperless-ngx; the signing tool is the workflow, not the archive.
- Backup the DB + the signed PDFs. Both. The audit trail is in the DB.
- Tailscale or Cloudflare Access for the admin UI; the signer-facing URLs need to be public.
- Retention — purge expired draft envelopes; keep completed ones forever.
Pick this if…
- Default modern self-host: Documenso (TS) or DocuSeal (Ruby). Pick by your team's stack.
- Already on Nextcloud: Libresign add-on.
- Already on Mayan EDMS: its built-in signing module.
- Need EU QES: none of the OSS options; managed providers (Yousign / Universign / DocuSign EU).
- Don't want to host this: Documenso Cloud, DocuSeal Cloud, DocuSign, HelloSign, PandaDoc.