SSL certificates expire. When they do, your site goes down and your phone rings at 2am. CertKit fixes that. It issues certificates from Let's Encrypt, deploys them to your servers with the CertKit Agent, and verifies the right certificate is actually running on every system. One setup, no per-server configuration, no cron jobs. Works with Windows, Linux, Apache, Nginx, IIS, and more. Free 90-day trial, no credit card.
We've been working in web infrastructure for a long time, and certificates have always been the thing that bites you when you least expect it. Not because they're hard, but because they require someone to remember, someone to act, and then someone to verify it actually worked. That chain breaks constantly.
For a long time, a lot of us just did it manually. Buy a cert, copy it to every server that needed it, set a calendar reminder for 11 months later. That worked well enough when certificates lasted a year. It's not going to work when lifetimes drop to 47 days, which is where things are heading.
Certbot solved the issuance problem really well. If you have a Linux server and a public-facing domain, Certbot renewals are enough. But the limitation is that ACME has to run on every machine. Every machine is open to the internet or making DNS changes. And Certbot doesn't handle distribution or monitoring at all. How do you push one certificate to a 3 server web farm? "Just write a script", great thanks.
CertKit starts from a different place. ACME is handled centrally in one place. Certificates are pushed to your servers with a small agent. One dashboard showing every certificate across your infrastructure, what's deployed where, and whether the right cert is actually running based on the thumbprint we check externally.
I also wanted to get the security model right. Most tools ask for DNS API credentials to handle validation. CertKit uses a delegated CNAME record instead. You set it up once and we never need access to your DNS provider again. Here's a full rundown on how it works.
I've been running this in beta with a few hundred companies for the past year. We keep expanding our integration capability, but once its deployed, our users dont think about certificates again. That's exactly what I was going for. We're thrilled to launch out of our beta today.
We've been working in web infrastructure for a long time, and certificates have always been the thing that bites you when you least expect it. Not because they're hard, but because they require someone to remember, someone to act, and then someone to verify it actually worked. That chain breaks constantly.
For a long time, a lot of us just did it manually. Buy a cert, copy it to every server that needed it, set a calendar reminder for 11 months later. That worked well enough when certificates lasted a year. It's not going to work when lifetimes drop to 47 days, which is where things are heading.
Certbot solved the issuance problem really well. If you have a Linux server and a public-facing domain, Certbot renewals are enough. But the limitation is that ACME has to run on every machine. Every machine is open to the internet or making DNS changes. And Certbot doesn't handle distribution or monitoring at all. How do you push one certificate to a 3 server web farm? "Just write a script", great thanks.
CertKit starts from a different place. ACME is handled centrally in one place. Certificates are pushed to your servers with a small agent. One dashboard showing every certificate across your infrastructure, what's deployed where, and whether the right cert is actually running based on the thumbprint we check externally.
I also wanted to get the security model right. Most tools ask for DNS API credentials to handle validation. CertKit uses a delegated CNAME record instead. You set it up once and we never need access to your DNS provider again. Here's a full rundown on how it works.
I've been running this in beta with a few hundred companies for the past year. We keep expanding our integration capability, but once its deployed, our users dont think about certificates again. That's exactly what I was going for. We're thrilled to launch out of our beta today.
Happy to answer any questions.