Join the v5.x alpha/beta testing!

Announcing Certify The Web v5 Beta testing

v5.x is a major new release features thousands of improvements and changes developed over the last 12 months.

v5.x beta versions may contain bugs and should be used with some caution. You should backup your settings at C:\ProgramData\Certify before using this version. You should ideally try it in a test environment before use in production (unless you have been recommended to install this version by support).

Please report any issues you encounter.

Updates & New Features in v5.x:

Multi-ACME Account Support

  • New support for multiple ACME accounts (including BuyPass Go), additional/custom ACME CAs are configurable
  • New support for using Staging accounts (useful for testing without affecting production rate limits).

Deployment Tasks:

  • Unlimited pre/post-renewal Tasks tasks such as export, copying, scripting, webhooks.
  • You can now defer and control deployment tasks so they can be part of scheduled maintenance outside of certificate renewal itself.
  • Deploy to windows, linux or other SSH hosts.
  • Deploy as specific users (windows, network, unix/linux)
  • Flexible certificate/key export in a range of common formats
  • Includes pre-built Deployment Tasks for MS Exchange, ADFS, Apache, nginx, Tomcat, CCS, Remote Access (VPN, SSTP), RDP Gateway/Listener, Wait N Seconds…

DNS Providers:


  • Hundreds of smaller UI changes including integrated documentation links for DNS providers etc, release notes UI
  • FTP Site support (IIS)
  • Basic support for external cert managers (win-acme, Posh-ACME) to view basic settings (read-only).
  • Dark theme
  • UI Scaling options for enhanced accessibility
  • Command line option to scan for certificates that have been revoked to flag them for renewal
  • Bug fixes (and perhaps some new bugs, keep an eye out for them!)

Planned (5.x timeline):

  • New Client API for custom development against the Certify The Web server API (accessible in .net, dotnet core, PowerShell etc)
  • CA fallback (not yet implemented). If communication or renewal with the primary CA fails repeatedly, fallback to compatible alternatives (if available)
  • Import/Export to migrate configuration between installations


  • Easy setup for an acme-dns server on windows
  • Operate a central ACME server and cert API for authorized client apps to pull latest certs