# Certimate — Self-Hosted SSL Certificate Automation with Visual Dashboard > An open-source ACME tool that automates the full lifecycle of SSL certificates — issuance, deployment, renewal, and monitoring — with a web-based visual dashboard. Supports major cloud providers and DNS services. ## Install Save in your project root: # Certimate — Self-Hosted SSL Certificate Automation with Visual Dashboard ## Quick Use ```bash # Run with Docker docker run -d --name certimate -p 8090:8090 -v certimate-data:/app/pb_data certimate/certimate:latest # Access dashboard at http://localhost:8090 ``` ## Introduction Certimate is a self-hosted SSL certificate management tool that automates requesting, deploying, and renewing certificates from ACME providers like Let's Encrypt and ZeroSSL. It provides a visual web dashboard for managing certificates across multiple domains and cloud providers without touching the command line. ## What Certimate Does - Requests SSL certificates from Let's Encrypt, ZeroSSL, and other ACME-compatible CAs - Automatically renews certificates before expiration - Deploys certificates to cloud CDNs, load balancers, and web servers (Nginx, Apache, Caddy) - Monitors certificate status and sends alerts via email, webhook, or messaging platforms - Supports DNS-01 challenge validation with 20+ DNS providers (Cloudflare, AWS Route53, Aliyun, Tencent Cloud) ## Architecture Overview Certimate is built with Go and uses PocketBase as its embedded database and admin framework. The backend handles ACME protocol interactions using the lego library. Certificate workflows are defined through the web UI: each workflow specifies a domain, DNS provider for validation, and deployment targets. A scheduler checks certificate expiry and triggers renewal automatically. All state is stored locally in an SQLite database. ## Self-Hosting & Configuration - Deploy via Docker or download a single binary from GitHub releases - Access the web dashboard at the configured port (default 8090) - Add DNS provider credentials through the dashboard settings - Define certificate workflows with domain, CA, and deployment target - Configure notification channels for renewal alerts and failure warnings ## Key Features - Visual web dashboard for managing all certificates in one place - Supports wildcard certificates via DNS-01 challenges - One-click deployment to Alibaba Cloud CDN, Tencent Cloud CLB, AWS CloudFront, and more - Certificate expiry monitoring with configurable alert thresholds - Multi-domain and multi-environment support in a single instance ## Comparison with Similar Tools - **Certbot** — CLI-only ACME client; Certimate adds a visual dashboard and automated deployment - **acme.sh** — Shell-based ACME client; Certimate provides a managed UI and multi-cloud deployment - **Caddy** — Built-in auto-HTTPS for its own server; Certimate manages certificates for any service - **Traefik** — Auto-TLS for its own routing; Certimate handles certificate lifecycle independently of the proxy ## FAQ **Q: Which ACME certificate authorities are supported?** A: Let's Encrypt, ZeroSSL, Buypass, and any ACME-compatible CA. You can configure multiple CAs and choose per workflow. **Q: Can Certimate deploy certificates to Kubernetes?** A: Yes. Certimate supports deploying certificates as Kubernetes secrets, which can be referenced by ingress controllers. **Q: Is the dashboard accessible without authentication?** A: No. Certimate requires login credentials configured during initial setup. It uses PocketBase's built-in auth system. **Q: How does renewal work?** A: Certimate checks certificate expiry daily and automatically triggers renewal when certificates are within the configured threshold (default 30 days). ## Sources - https://github.com/certimate-go/certimate - https://docs.certimate.me --- Source: https://tokrepo.com/en/workflows/93d491c7-3b41-11f1-9bc6-00163e2b0d79 Author: AI Open Source