CertKit for automating SSL certs to Windows, JKS, and appliances

Name: CertKit for automating SSL certs to Windows, JKS, and appliances
Availability: InStock
Author: eric_trackjs

by eric_trackjs·Apr 8, 2026·7 points·0 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemSlick

Handles Windows and JKS where Certbot fails, but it's a paid SaaS in a crowded category.

Strengths

•Delegated CNAME validation means no DNS provider credentials needed
•Go agent handles custom file destinations and post-deploy commands for appliances
•600+ beta users with production deployments proves real traction

Weaknesses

•Source-available, not open source — limits self-hosting and community contributions
•Full-service onboarding doesn't scale; manual touch for every new customer

Post Description

We’ve been managing web infrastructure for a long time. For most of that time, certificate management meant buying a cert, copying it to wherever it needed to go, and setting a calendar reminder. That works when certificates last a year. It stops working when lifetimes drop to 47 days.

Certbot is the obvious answer but it doesn’t cover everything. It requires ACME on each server, which means each server needs to be internet-reachable or have DNS provider access. That rules out Windows servers, JKS keystores, and appliances that can’t run Certbot or speak ACME at all.

CertKit handles ACME centrally. A source-available Go agent runs on each server and handles deployment, including Windows, JKS, and appliances via custom file destinations and post-deploy commands. Validation uses a delegated CNAME so we never need your DNS provider credentials.

We just wrapped up our beta and launched today. Happy to answer any questions.

https://www.certkit.io/