Abstract
Windows environments have a certificate problem that most automation tools aren’t built to solve. Your VPN concentrator needs a certificate. Your RRAS server needs one. IIS, RDP, your F5 or Palo Alto sitting in the rack, they all need certificates, and none of them were designed to run ACME clients. Putting DNS credentials on every machine in your infrastructure is exactly the kind of credential sprawl that causes incidents.
So you end up with a mix: some things that renew automatically, some that get updated manually when someone remembers, and a spreadsheet that was accurate six months ago. It holds together until someone’s VPN cert expires at 2am and you get a call.
On May 26, I’m doing a live session with Richard Hicks to talk through what actually works.
About the session
SSL Certificate Automation for Windows Infrastructure
May 26, 2026 | 11:00 AM Central | 30 minutes | Free
Richard is a Microsoft MVP who has spent his career inside Windows networking and security environments. He consults with organizations on Always On VPN and Windows infrastructure, and he knows what certificate mismanagement looks like when it reaches scale.
We’ll cover what goes wrong in most Windows environments, how to approach automation that works across your actual infrastructure including vendor appliances and services that can’t run their own ACME client, and a live look at how CertKit handles discovery, monitoring, and automated deployment. Then we’ll take your questions.
Register here — it’s free and 30 minutes.
Richard promoted this on his blog too, with some good context on the Windows side of the problem: directaccess.richardhicks.com.