Abstract

We shipped some big updates this week!

Multi-domain certificates

You can now create certificates that cover multiple domains. Mix and match wildcards with specific hostnames, all on a single certificate.

[Screenshot: CertKit multi-domain certificate form showing wildcard and single name entries]

The first domain you add becomes the Common Name. The rest go into the Subject Alternative Names (SAN) list. This matters if you have systems that still check CN instead of SAN.
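The effect of that ordering on CN-only clients can be checked before you submit the form. The sketch below is an added example, not CertKit code: the names are constructed, and it assumes the Common Name is also repeated in the SAN list, which the post does not state.

```python
# Added example: constructed names, not CertKit code.

def matches(pattern: str, host: str) -> bool:
    """Wildcard match in the RFC 6125 style: '*' must be the whole leftmost
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two labels after the '*'; no public suffix check here.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def coverage(domains, hosts):
    """domains: names in the order entered; domains[0] becomes the CN.
    Assumption: the SAN list holds every name, including the CN."""
    cn = domains[0]
    return {
        h: {"san": any(matches(d, h) for d in domains), "cn_only": matches(cn, h)}
        for h in hosts
    }


def legacy_breakage(domains, hosts):
    """Hosts a SAN-aware client accepts but a CN-only client rejects."""
    return [h for h, r in coverage(domains, hosts).items()
            if r["san"] and not r["cn_only"]]


def pick_common_name(domains, legacy_hosts):
    """Name to enter first so the most CN-only clients are covered."""
    return max(domains, key=lambda d: sum(matches(d, h) for h in legacy_hosts))


# Constructed sample data.
DOMAINS = ["*.example.com", "example.com", "api.example.net"]
HOSTS = ["www.example.com", "example.com", "a.b.example.com",
         "api.example.net", "example.net"]

if __name__ == "__main__":
    for host, result in coverage(DOMAINS, HOSTS).items():
        print(f"{host:18} SAN={result['san']!s:5} CN-only={result['cn_only']}")
    print("breaks for CN-only clients:", legacy_breakage(DOMAINS, HOSTS))
    print("enter first:", pick_common_name(DOMAINS, ["api.example.net"]))
```

With the wildcard entered first, a CN-only client fails for the apex and for the second domain even though both are on the certificate, so enter the name your legacy systems connect to first.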

One thing to know: multi-domain certificates only renew if all domains validate successfully. If one domain’s DNS is misconfigured, the whole renewal fails. The UI warns you about this because we’ve been burned by it ourselves.

[Screenshot: CertKit certificates list showing multi-domain indicator]

The certificates list now shows which certs have multiple domains attached so you can see what you’re dealing with at a glance.

Better error messages

When certificate issuance fails, CertKit now shows you the actual ACME error instead of a generic “something went wrong” message.

[Screenshot: CertKit showing detailed ACME error message]

You can see exactly what the CA rejected and why. In this case, someone tried to get a wildcard for a domain that doesn’t exist on the public suffix list. (We also prevented this specific thing from happening again by being better at domain validation.) The error tells you that, along with when we’ll retry.

No more guessing what went wrong or digging through logs.

Non-sequential identifiers

We replaced all sequential integer IDs with Sqids. Those short alphanumeric codes you see in URLs and the certificates list (like knmy and b1nw) are now the only identifiers exposed by the system.

Sequential IDs leak information. They tell attackers how many resources exist and when they were created, and they provide an easy target for enumeration. Sqids look random but are still deterministic, so your bookmarks and API integrations won’t break.


CertKit automates certificate lifecycle management for teams who have better things to do. Try it free during our beta.
