Abstract
Two things shipped this week. One is for the MSPs who manage certificates on behalf of other companies. The other lets you run the shorter 45-day renewal cycle today.
MSP certificate management with managed accounts
If you run certificates for clients, you know the awkward middle. You can do the work inside your own account and lose the clean separation, or you can ask the client to set up their own account and walk them through it over a screen share. Neither is great.
Managed accounts fix that. An MSP can create a fully-managed account for a client, do the entire setup, issue the certificates, deploy the agents, get everything monitored and green, then hand the account over to the client to run themselves.
A client account is a real account, not a folder inside yours. It has its own users, its own SSO, its own logging and monitoring, its own everything. When you hand it over, the client owns it.
You don’t disappear after the handover. MSP users can keep acting inside the client’s account to help administer their certificate workflow and provide support. Every action is fully logged and audited, so the client always knows what you did and when. The support stays. The black box doesn’t.
You can also co-brand. The client sees your name on the account they’re working in, not just ours.
This is the co-label model we built CertKit for. You carry the certificate operations, the client keeps ownership and visibility, and nobody has to share a login.
45-day certificates, available now
We now support Let’s Encrypt’s TLS Server profile, which issues 45-day certificates. You can opt in today and run your renewals on the shorter lifetime before anyone makes you.
This is where the whole industry is heading. Let’s Encrypt is cutting certificate lifetimes from 90 days to 45 days by February 2028, a full year ahead of the CA/Browser Forum’s 2029 mandate. When that maximum drops from 90 to 45, it stops being optional.
If you want to test your automation against a 45-day cycle now, you can. Turn it on and your renewals just run more often. That’s the whole change, assuming your automation was real in the first place.
And if you do nothing, you’re still covered. When the maximum drops to 45 days, we’ll switch you over automatically. You won’t need to reconfigure anything, because adapting to shorter lifetimes is the entire point of CertKit.
Both features are live now. Managed accounts are in your account dashboard, and the 45-day profile is a setting on your collection. Sign up for CertKit to try it free, book a demo for a walkthrough, or see what’s next on the roadmap.
CertKit handles the entire certificate lifecycle, so renewals and handoffs are not your problem.
Comments