Home

CertMate Wiki

SSL certificate management for modern infrastructure. Multi-DNS-provider, multi-CA, Docker-first, with a REST API and a real-time dashboard.

This wiki is the long-form companion to the README. The README covers what CertMate is and how to install it; the wiki covers the per-feature configuration and the architectural details a self-hoster needs at 2 AM.

Getting started

• Installation — Docker (recommended), Kubernetes, Python virtualenv, systemd, all the way down to the file-permission level.
• Docker — Build pipeline, multi-platform images, docker-compose.yml for production, and the hardening flags that aren't on by default.

Core configuration

• DNS Providers — DNS providers with multi-account support, domain-alias CNAME delegation, and the credential format each plugin expects.
• CA Providers — Let's Encrypt, DigiCert ACME (External Account Binding), Private CA with custom trust bundles.
• Deploy Hooks — Shell-out hooks after issuance / renewal / revocation. The threat model is documented; you should read it before pasting commands.

Client certificates

• Client Certificates — Self-signed CA, lifecycle (issue → renew → revoke), batch import (100–30 000 from CSV), audit and rate limit defaults.
• Client Certificates Overview — One-page summary of the feature surface.

Reference

• API — REST endpoints, authentication (legacy bearer + scoped API keys with allowed_domains), response shapes, and the 403 DOMAIN_OUT_OF_SCOPE envelope.
• Architecture — Module layout (modules/api/, modules/web/, modules/core/), the dual API surface, the settings concurrency model, and where the audit log lives.
• Testing — pytest layout, the Docker-based integration fixture in tests/conftest.py, and the unit-only subset that runs without Docker.

External

• Releases — Tagged releases with per-version notes.
• Issues — Bug reports and feature requests use the templates in .github/ISSUE_TEMPLATE/.
• Discussions — Questions and ideas.