Hi everyone,
I’ve been building a lightweight module for a very specific problem: managing ACME certificates on shared hosting and cPanel environments without repeating the same shell workflow over and over.
It’s called FreeCert, and the goal is not to replace existing ACME clients, but to make them easier to use in constrained real-world hosting setups.
The project is available at certificates.biz.
FreeCert is a lightweight PHP module that can be installed directly on a website and used to manage certificate issuance and renewal through an existing ACME workflow, currently based on acme.sh.
This is not a new CA, and it is not meant to compete with mature ACME clients.
It is a thin operational layer built for environments where users technically can issue certificates, but the process is still too manual, fragmented, and repetitive.
Why I built it
In many shared hosting environments, users often have just enough access to make ACME work, but not enough tooling to make it convenient.
That usually means:
- running commands manually
- repeating the same steps every few months
- copying certificate files by hand
- managing multiple small sites with no reusable interface
- depending too much on terminal access for routine operations
I wanted to explore whether a small installable module could make this workflow cleaner and more reusable.
What FreeCert does
FreeCert is installed directly on the target website and works on the current site/domain where it is deployed.
The current design includes:
- lightweight PHP module
- built for shared hosting and cPanel-like environments
- local issuance and renewal using
acme.sh - current domain detection from the installed site
- local logs
- update checks for the module itself
- semiautomatic certificate workflow
- no arbitrary free-form domain input for certificate issuance
Authorization model
One of my main design goals was to avoid creating a generic public “issue certificates for anything” tool.
So the module uses an external authorization layer called Librya.
The workflow is:
- the user authenticates
- the module detects the current domain
- the module checks whether that domain is registered and approved for that user
- only then are SSL actions allowed
This keeps the module tied to the real site where it is installed, instead of turning it into an open certificate panel.
What I’d love feedback on
I’d really appreciate technical feedback on a few points:
- Does this architecture make sense for shared hosting and cPanel use cases?
- Are there obvious security pitfalls in using a lightweight management layer around an existing ACME client workflow?
- Does this feel like a useful niche for people managing multiple small websites on constrained hosting?
- If the project becomes mature enough, would it make sense to present it as a niche ACME management option for this type of environment?
I’m not trying to replace mature ACME clients.
The goal is to make certificate management more practical in a specific class of hosting environments where people often end up doing everything manually even when ACME support is technically available.
If useful, I can also share more details about:
- module structure
- authorization flow
- update mechanism
- local execution flow
- current UI and workflow decisions
Thanks in advance for any feedback.
