6. Agents

The easiest way to deploy certificates.

The CertKit Agent is a cross-platform binary installed on target hosts to automate certificate deployment. It handles registration, polls for certificate updates, writes certificate material to local destinations, and executes post-deployment commands (e.g., service reloads or appliance pushes).

The agent’s source code is available at github.com/certkit-io/certkit-agent.

Installation and Registration

To register a new agent, copy the registration snippet from the Agents page and run it on the target host.

  • Approval: New agents require approval before they’re fully activated. An account administrator must authorize the agent before it can begin syncing. This helps ensure that even if your registration key is used erroneously, there’s an additional step before any certificates will deploy to that host.
  • Auto-Updates: The agent supports in-place auto-updates. You can trigger updates for individual agents or use the Update All Now action to update the entire fleet.

Agent Detail Page

Agent detail
The agent detail page.

The agent detail page provides a comprehensive view of the host’s identity, software inventory, and active deployment configurations.

Discovered Software

The agent automatically detects running software such as Nginx, Apache, IIS, and RDP. Detected items appear under the Discovered Certificates section, allowing you to create a deployment configuration with pre-filled paths and update commands. See Software Auto-Discovery for more details.

Deployment Configurations

This section lists all deployment configurations assigned to the agent. You can monitor the status of the most recent deployment or manually pause specific configurations. Read more about deployment configurations

Security and Management

  • Locking: Agents can be “locked” to prevent remote configuration changes. A locked agent continues to renew existing certificates but cannot be reconfigured via the CertKit dashboard. Unlocking must be performed locally on the host.
  • Auto-Updates: Update the agent to the latest version or re-run the installation snippet if required.

Deletion

Deleting an agent removes the agent record and all deployment configurations owned by that agent. Shared configurations (configurations linked to multiple agents) will persist on the other linked agents.