Sounds cool, but what if you don't use one of the listed DNS providers, but rather run your own DNS? I didn't see an option that would let you do that.
This may be good for the selfhoster who is running more an a couple of sites.
But a GUI to manage enterprise-level SSL fleets? Doubtful.
Not when a change/configuration management system (Puppet, Chef, Ansible etc etc..) driven by git commits enables single-source-of-truth, peer-review, and automatic creation/monitoring/renewal of certificates.
You're absolutely right, at the enterprise level, managing an SSL fleet goes far beyond just issuance, and you can't assume the certificates you're issuing are the only ones that exist.
Shameless plug: if you need to cut through the noise of thousands of certs across thousands of hosts, there's https://sslboard.com
SSL officially became TLS in 1999 when the Internet Engineering Task Force published TLS 1.0 as RFC 2246. TLS 1.0 was designed as an upgrade to SSL 3.0, addressing security vulnerabilities and making several improvements, but the changes were significant enough to prevent interoperability between SSL 3.0 and TLS 1.0
It seems a bit silly to call a new tool an SSL manager?
So this just writes the certificates to disk and you still have to manage binding certificates to services? I’m using Caddy in-front of containers using Cloudflare DNS and it works amazingly. Zero configuration.
Looks good. I am using Cert Warden for similar purposes, though admittedly only a few certificates. Most of my minimal needs are taken care of properly by Caddy which is already the front end proxy for the same services.
10 comments
[ 2.2 ms ] story [ 38.9 ms ] threadBut then I read:
Prerequisites Docker 20.10+ Docker Compose 2.0+.
So now if I have app that can run on v19 I need docker for dockers :) to use CertMate because if I upgrade my other apps might be messed up.
But a GUI to manage enterprise-level SSL fleets? Doubtful.
Not when a change/configuration management system (Puppet, Chef, Ansible etc etc..) driven by git commits enables single-source-of-truth, peer-review, and automatic creation/monitoring/renewal of certificates.
Shameless plug: if you need to cut through the noise of thousands of certs across thousands of hosts, there's https://sslboard.com
Their main concerns are getting browser "unsafe" warnings disappear and keep it so. They want nothing to do with cert issuance or renewal.
It seems a bit silly to call a new tool an SSL manager?
https://www.certwarden.com/