1. Introduction

CertKit automates TLS/SSL certificate issuance, renewal, monitoring, and deployment across mixed operating systems and web stacks. Our deployment agents run on Linux and Windows.

We manage certificates for web servers, network appliances, and Windows-managed services (IIS, RDP, RRAS, DirectAccess).

The certificate lifecycle has 3 main pieces:

• Issuance — We use ACME (via Let’s Encrypt or other third party providers) to validate domain ownership and issue certificates. We support the latest ACME spec - including ARI-aware renewal scheduling, DNS-PERSIST-01 validation, and multiple profiles.
• Deployment — You can distribute certificate material via managed agents, an S3-compatible API, an optional on-premise keystore, or manual download.
• Verification — We monitor public endpoints to verify the certificate served is valid and matches the expected CertKit issued certificate (if relevant).

Read the rest of the docs to find out more!