Remote deployment scripting
CertKit now ships centrally managed deployment scripts that push certificates directly to appliances, cloud platforms, and custom infrastructure, with a template library and encrypted variable storage.
On May 26, I’m doing a 30-minute live session with Richard Hicks on what actually works for SSL certificate automation in Windows environments. VPNs, IIS, RRAS, vendor appliances, the endpoints that can’t run ACME on their own. If you’re patching this with scripts and reminders, this one is for you.
Copy and share agent configurations across your fleet, search and sort your monitored domains, and our first official Data Processing Agreement for GDPR compliance.
Agent 1.9 adds remote push updates so you can upgrade your entire fleet from the dashboard, plus first-class support for Google Trust Store as an ACME certificate issuer alongside Let’s Encrypt.
We launched the beta in July 2025. Over 600 users later, the beta is over. Here’s what we built, what we learned, and a thank you to the early adopters who helped make it real.
Agent 1.8 closes the last gaps in Windows and Java certificate deployment. Write directly into the Windows Certificate Store, auto-detect Remote Desktop and Remote Gateway, drop JKS files for legacy Java applications, and use automatic variables in your update commands. Also: we shipped a retro MS-DOS modal on April Fools’ Day.
CertKit manages your certificates from issuance through deployment. For most organizations, that includes holding your private keys. For some, that’s a hard no. The Local Keystore is for them.
CertKit now polls Let’s Encrypt multiple times a day to check when each certificate should renew. That means mass revocations happen automatically, without you doing anything. We also added support for 6-day certificates for environments where 90 days isn’t short enough.
CertKit now supports team accounts with role-based access, multi-factor authentication, SAML single sign-on, and a weekly email digest. Here’s what shipped and why it matters.
The CertKit Agent now supports Microsoft RRAS for VPN certificate management. We also added deploy windows so you can control when certificate updates happen, and agent locking to protect your infrastructure even if CertKit itself were ever compromised.
CertKit can now deploy certificates directly to your servers. The CertKit Agent is a lightweight service for Linux, Windows, and Docker that detects your software, writes certificates where they need to go, and restarts your services automatically.
As your certificate count grows, so does the chaos. Applications let you organize certificates into logical groups with their own API keys and access controls. No more sharing credentials across your entire infrastructure.
We just published our product roadmap. It’s interactive. Vote on what matters to you, or tell us what we’re missing entirely.
CertKit now supports multi-SAN certificates, letting you cover multiple domains with a single cert. We also improved the certificate creation flow and made error messages actually useful.
In this post we’ll build a ClickHouse database schema to store billions of Certificate Transparency Log entries.
In this post we’ll write Golang code to pull Certificate Transparency Log entries and process them at scale.
Every TLS certificate ever issued for a domain is recorded in public Certificate Transparency logs. Here’s how to search them to find mis-issued certificates, unauthorized changes, or infrastructure you didn’t know existed.
SSL certificates have always been a pain. Now Apple wants us to renew them every 47 days. We watched a DevOps team waste six hours debugging Certbot, tried every tool from Cert Manager to DigiCert, then said screw it. We built CertKit - certificate management for people with better things to do.