We’ve been managing web infrastructure for a long time. For most of that time, certificate management meant buying a cert, copying it to wherever it needed to go, and setting a calendar reminder. That works when certificates last a year. It stops working when lifetimes drop to 47 days.

Certbot is the obvious answer but it doesn’t cover everything. It requires ACME on each server, which means each server needs to be internet-reachable or have DNS provider access. That rules out Windows servers, JKS keystores, and appliances that can’t run Certbot or speak ACME at all.

CertKit handles ACME centrally. A source-available Go agent runs on each server and handles deployment, including Windows, JKS, and appliances via custom file destinations and post-deploy commands. Validation uses a delegated CNAME so we never need your DNS provider credentials.

We just wrapped up our beta and launched today. Happy to answer any questions.

https://www.certkit.io/