Certify Certificate Server: Invitation for Feature Requests

As part of a new development, Certify The Web is expanding to implement a certificate server API (naming as yet undecided). This will allow client apps, services and scripts (with an API token) to fetch the latest cert from the certificate server (which in turn does all the ACME process and stores/accesses secrets like DNS credentials, etc.).

This enables:

  • Scripted fetch of the latest cert by a system that is otherwise not involved in ACME/Let’s Encrypt communication, e.g. cloud apps, load-balanced web servers, appliances
  • Multi-node Certify install can fetch latest certs from a master server
  • Middleware (such as ASP.NET Core Kestrel HTTPS config) can fetch the latest cert and also answer HTTP challenges (if required) by asking the server what the current challenge answer should be.
  • The Certify server can be optionally hosted on Linux (docker)
  • The server can perform some push deployment tasks (network, ssh etc) as well as providing an API to pull from.
  • The server will be able to push/pull from some cloud or on-prem key vaults (Azure, HashiCorp Vault)

The existing UI will be able to connect to (and manage) different servers from your desktop, in the same manner as it does now (when on your server desktop).

So, if you think you have a need for such a thing, what features do you need, why and how do you imagine using it?

I would hope it could support uploading Certificates to Cloudflare’s API or if it could work with Visual Studio for Code Signing Certificates.


Thanks, I’ll look into a Deployment Task for Cloudflare.

For code signing certificates, those can only be done as Organisation Validation (OV) certificates, so they would only be possible if you already have a subscription to services by Sectigo or other CAs who offer automated certs (ACME) but also offer OV. Let’s Encrypt certificates are domain validation only and can’t be used for code signing.