Certera - A central validation server for Let's Encrypt certificates

Hopefully a little self-promotion is allowed here.

Certera is a central validation server for Let’s Encrypt certificates. It’s a cross platform, self-hosted web application. With Certera, you can centralize all of your LE certificates and keys, monitor certificates and receive notifications for cert changes and expirations. It will also help you stay within LE quota limits. Check out the docs for more details and screenshots. It’s currently in beta as I’m looking for folks to start using and provide some feedback.

I created this because I had been using various ACME clients and occasionally a change here and there could cause things to break. Or, a cert would be on a system that I didn’t know about and the cert would expire without any one knowing about it. The biggest driver was making it simpler to use LE certs behind load balancers since Certera separates acquiring certificates and applying them. The idea is that you use Certera to acquire certificates, then use the API provided to retrieve the certs and keys to apply them. Currently, it only works with HTTP-01 validation (and redirects). I’m planning on adding DNS-01 validation and some hooks to make certificate automation much better when it comes to client certificates (i.e. rotating SSO certificates or certificates used for securing endpoints).

https://certera.io (landing page)
https://docs.certera.io (docs)
https://github.com/certera-io/certera/ (code)

Some principles I’ve tried to follow while building this:

  • Perpetual license only. I’m kind of burned out with subscriptions.
  • The least amount of Javascript I could get away with. There are no frameworks. All in all, less than 10 lines of plain vanilla JS.

Thanks for reading and let me know what you think!

5 Likes

Very cool!

Do you plan on shipping an official agent to run on endpoints? To fetch certificates and apply them, to regularly check into the server, etc. Endpoint management is always trouble, and pre-solving those issues for users would be a big help.

Making it into a turnkey solution, basically.

Especially once access control and DNS-01 are in, it looks like Certera would solve many of the pain points that people currently have with ACME. Well done.

3 Likes

Thanks for reading and providing feedback. It’s very much appreciated.

Yes, I plan on getting a repository ready on GitHub with the most common scripts out there. The clients are so lightweight I wasn’t sure if it even provided any value to do so. Fetching is simply a single “curl” call or Invoke-WebRequest via PowerShell. Applying is equally as simple. I’m getting together a PowerShell module to do all of that for the most common scenarios (applying to IIS, Azure, etc.).

You’re spot on with DNS-01. Once that’s there, you’ll get wildcard certs and no need to do the redirects at each endpoint, which will be awesome.

4 Likes