Roadmap

In progress

We are currently building these features. Vote to help us prioritize.

1. Google Trust Services (and other ACME Issuers)

   Support for other ACME issuers like Google Trust Services and specifying custom EAB.

   [+1] I want this [-1] I don't need this

High priority

These are features often requested by customers, or critical to the next step in our vision.

1. DNS-PERSIST-01 Validation

   Switch certificate validation over to DNS-PERSIST-01 once implemented by Let's Encrypt.

   [+1] I want this [-1] I don't need this

2. Audit Log

   View, search, and export an audit log from your account. See who has logged in, interacted with certificate, agents, or alerting. Audit the automatic renewal and deployment actions of CertKit.

   [+1] I want this [-1] I don't need this

3. Private CA

   Issue private certificates directly from CertKit. Trust your account's root Certificate and generate unlimited certificates signed by CertKit.

   [+1] I want this [-1] I don't need this

4. Advanced Alerting

   Configure customized alerting types, rules, and destinations

   [+1] I want this [-1] I don't need this

5. Certificate Tags

   Create and manage tags for certificates to organize by owner, department, or use case. UI search and filtering by tag.

   [+1] I want this [-1] I don't need this

Backlog

Features that we think are neat, or have been requested, but we're not sure where they fit into the plan yet.

1. IP Certificates

   Certificates for IP Addresses with HTTP-01 Validation

   [+1] I want this [-1] I don't need this

2. Self-serve rotate API keys

   Rotate and re-issue API keys from the UI.

   [+1] I want this [-1] I don't need this

3. Certificate Transparency Log API

   API access to the Certificate Transparency Log to do advanced searches and firehose data.

   [+1] I want this [-1] I don't need this

4. Certificate Push

   Agent, gateway, or other mechanism to "push" certificates into appliances or systems that are unable to run the agent themselves. This might look like a scripted API call or allowing the agent to upload certificates via SSH or file share.

   [+1] I want this [-1] I don't need this

5. Microsoft Exchange

   Agent integration to update Microsoft Exchange server certificates

   [+1] I want this [-1] I don't need this

6. Data Sovereignty

   Keep your hosted certificates geographically located in the EU, UK, or other locations

   [+1] I want this [-1] I don't need this

7. Certificate Transparency Log Monitoring

   Setup alerts when new certificates show up in the CTLog, or when a certificate from the log changes status or expires.

   [+1] I want this [-1] I don't need this

Completed

All the things that CertKit already does today!

1. Microsoft Remote Desktop

   Released 2026-03 • Blog Announcement

   Agent integration to update RDP Certificates

2. Java Keystore

   Released 2026-03 • Blog Announcement

   Add and renew certificates into a Java Keystore.

3. CertKit Keystore (formerly known as the Local Gateway)

   Released 2026-03 • Blog Announcement

   A on-premise installable service for the generation and storage of certificate private keys.

4. ARI Certificate Renewal

   Released 2026-03 • Blog Announcement

   Honor the ARI certificate renewal timing from Let's Encrypt.

5. 6-Day Certificates

   Released 2026-03 • Blog Announcement

   Support for Let's Encrypt's short-term 6 day certificates.

6. Single Sign On

   Released 2026-03 • Blog Announcement

   SAML-compliant SSO implementation

7. User management and roles

   Released 2026-03 • Blog Announcement

   Add/invite/remote users from your account. Give them permissions for applications and support manager and viewer roles.

8. Weekly Email Summary

   Released 2026-03 • Blog Announcement

   Weekly summary email of certificates, renewals, expirations, and agent status. Also the ability to subscribe/unsubscribe from email.

9. Microsoft RRAS VPN Support

   Released 2026-02 • Blog Announcement

   Expand the Windows agent to include support for Microsoft Routing and Remote Access Service.

10. Host Agent

    Released 2026-02 • Blog Announcement

    The agent simplifies the distribution of certificates to your infrastructure. The agent runs as a service on each of your hosts, allowing you to configure the services and certificates to distribute to each host.

11. Multiple applications

    Released 2026-01 • Blog Announcement

    Create multiple groups of certificates within an account. Each group should have its own access credentials.

12. Multi-domain certificates

    Released 2025-12 • Blog Announcement

    Create multi-domain (multi-san) certificates. Allow the control of the certificate Common Name (CN).

13. Certificate Transparency Log Search

    Released 2025-11 • Blog Announcement

    Be able to search for all the certificates in a domain from the Certificate Transparency Log, and import them to be monitored or managed by CertKit.