Custom DNS servers are already supported via the certbot-dns-rfc2136 plugin, as you suggested!
But a GUI to manage enterprise-level SSL fleets? Doubtful.
Not when a change/configuration management system (Puppet, Chef, Ansible, etc.) driven by git commits enables single-source-of-truth, peer-review, and automatic creation/monitoring/renewal of certificates.
Shameless plug: if you need to cut through the noise of thousands of certs across thousands of hosts, there's https://sslboard.com
There is an opportunity to improve the tool then; I added this as a wanted feature in the plan, as certmate dev :)
Their main concerns are getting browser "unsafe" warnings to disappear and keeping it so. They want nothing to do with cert issuance or renewal.
It seems a bit silly to call a new tool an SSL manager?
Maybe think of it as “SSL certs” the thing uses TLS x.0 standard.
Too many people will say “what?” if you call it TLS cert management. Or worse, they will ignore it because it doesn’t trip the synapses.
I came from a decade of certificate management in multiple work contexts and YES, all the people refer to them as SSL and not TLS, while TLS 1.2 is the minimum de facto standard nowadays.
The point of certmate is to have a simple url like https://certmate/domain/tls to grab a valid cert from wherever I am, any time. This is because I focused on DNS challenge only.
A good feat btw is the deployment check, where the app verifies whether the cert issued is the same as the one deployed on the public FQDN.
Of course some more interesting additional features will be added soon like:
- multiple cloud accounts support
- deploy to remote nodes
- vault integration/support
Enjoy and contribute!
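The deployment check mentioned in the comment above can be sketched as a fingerprint comparison between the issued leaf certificate and the one a host actually serves. This is an added example, not CertMate's code; the function names and sample bytes are assumptions made up for illustration.

```python
import hashlib
import re
import socket
import ssl

# Matches one PEM certificate block; a fullchain file holds the leaf first.
_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S
)


def leaf_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM file or chain."""
    match = _PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def fetch_deployed_der(host, port=443, timeout=5.0):
    """Return the DER bytes of the certificate the host serves right now.

    Validation is switched off on purpose: an expired or wrong certificate
    must still be retrieved so the mismatch can be reported. Nothing else
    is sent over this connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def is_deployed(issued_pem, deployed_der):
    """True when the served certificate is byte-identical to the issued leaf."""
    return leaf_fingerprint(issued_pem) == hashlib.sha256(deployed_der).hexdigest()


# Constructed sample data (not real certificates): a two-block "fullchain".
SAMPLE_LEAF_DER = b"constructed leaf bytes"
SAMPLE_OLD_DER = b"constructed previous leaf bytes"
SAMPLE_CHAIN_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_LEAF_DER) + ssl.DER_cert_to_PEM_cert(
    b"constructed intermediate bytes"
)
```

Against a live host the check is `is_deployed(open(path).read(), fetch_deployed_der(fqdn))`; a `False` result after renewal usually means the server was not reloaded or a different node is answering.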
ozim•7mo ago
But then I read:
Prerequisites: Docker 20.10+, Docker Compose 2.0+.
So now if I have an app that can run on v19 I need docker for dockers :) to use CertMate, because if I upgrade, my other apps might be messed up.
meepmorp•7mo ago
But less snarkily, maybe put in the work to hack up their dockerfiles if you want to do something they don't directly support.
ozim•7mo ago
Downside for me is that people FUCKING scream at me when I want to remove a piece and make it unsupported but FB, Google, Docker, Atlassian they can just get away with it.
So I reserve being pissed off for myself — that I can do and no one can stop me :D.
Or just making fun of whatever instance I find on the internet.
Question is "can you just do that" on whatever system you are working on, or maybe you have to wait 10 years or you just switch company every 2 years to avoid dealing with it?