certimate

Certimate is a self-hosted tool that automates the process of getting, deploying, and renewing SSL certificates for websites and services. An SSL certificate is what makes a website use HTTPS instead of plain HTTP, so that traffic between your browser and the server is encrypted. Certificates expire (typically every 90 days for free ones), which means they need to be renewed regularly. Certimate handles all of that automatically.

You run it on your own server or computer, meaning your configuration and private keys never leave your infrastructure. It ships as a single binary with no external database or runtime required, uses around 16 MB of memory, and starts with one command. There is a web interface at port 8090 where you set up workflows visually.

The tool supports requesting certificates for single domains, multiple domains, wildcard domains (which cover all subdomains), and IP addresses. It can prove domain ownership through two standard methods: DNS-01 (by adding a temporary DNS record) and HTTP-01 (by serving a file at a specific URL). Over 60 DNS registrars are supported for the DNS method, including Cloudflare, AWS Route 53, GoDaddy, and several large Chinese providers.

Once a certificate is issued, Certimate can deploy it to more than 120 different targets automatically: web servers, Kubernetes clusters, CDN providers, load balancers, and WAF services. It supports multiple certificate formats for compatibility with different server software. Notifications on renewal events can go to email, Slack, Discord, Telegram, and several other channels.

Certimate connects to multiple certificate authorities, including Let's Encrypt, ZeroSSL, and Google Trust Services. The project is MIT licensed and maintained with community contributions. Documentation is at docs.certimate.me.