# certd/certd **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/certd-certd).** 4,454 stars · 516 forks · JavaScript · agpl-3.0 ## Links - GitHub: https://github.com/certd/certd - Homepage: https://certd.docmirror.cn/ - awesome-repositories: https://awesome-repositories.com/repository/certd-certd.md ## Topics `acme` `auto` `automation` `cert` `certbot` `letencrypt` `ssl` `ssl-certificate` ## Description Certd is a self-hosted platform that automates the full lifecycle of SSL certificates using the ACME protocol. It handles certificate application, renewal, and deployment across multiple domains through a pipeline-driven workflow engine, with DNS challenge orchestration and multi-cloud deployment capabilities. The platform distinguishes itself through its configurable pipeline system, which allows users to build multi-step workflows that can pass outputs between tasks, execute custom scripts, and handle errors. It supports multi-tenant access control with role-based permissions, encrypted credential storage, and brute-force protection, making it suitable for team-based certificate management. The system integrates with over 100 deployment targets including Kubernetes clusters, cloud CDNs, and remote servers via SSH and APIs, and provides a visual pipeline editor for constructing complex automation sequences. Beyond core certificate operations, the platform offers certificate expiration monitoring with multi-channel notifications through email, webhooks, and messaging platforms. It supports custom plugin development for DNS providers, deployment targets, and authorization methods, and can store data in SQLite, MySQL, or PostgreSQL databases. The system also provides RESTful API endpoints for programmatic certificate lifecycle management and includes features for automated database backups and pipeline export/import. The application can be deployed using Docker Compose, one-click script installation, or through server management panels, with support for IPv6 access and Synology NAS environments. ## Tags ### Security & Cryptography - [ACME Certificate Provisioners](https://awesome-repositories.com/f/security-cryptography/acme-certificate-provisioners.md) — Provides an automated platform that applies, renews, and deploys SSL certificates using the ACME protocol. - [Certificate Lifecycle Management](https://awesome-repositories.com/f/security-cryptography/certificate-lifecycle-management.md) — Orchestrates the full lifecycle of SSL certificates—application, renewal, and deployment—through a configurable pipeline of automated steps. ([source](https://cdn.jsdelivr.net/gh/certd/certd@v2/README.md)) - [ACME Clients](https://awesome-repositories.com/f/security-cryptography/acme-clients.md) — Automates certificate issuance and renewal by managing DNS challenges and ACME account persistence. - [Automated Certificate Issuance](https://awesome-repositories.com/f/security-cryptography/certificate-automation-protocols/automated-certificate-issuance.md) — Configures a pipeline to request SSL certificates from Google's public CA using EAB or service account authorization. ([source](https://certd.docmirror.cn/guide/use/google/)) - [Certificate Renewal Managers](https://awesome-repositories.com/f/security-cryptography/certificate-renewal-managers.md) — Automates daily certificate renewal through scheduled pipeline execution to prevent expiration. ([source](https://certd.docmirror.cn/guide/use/https/index.html)) - [API-Triggered Certificate Requests](https://awesome-repositories.com/f/security-cryptography/certificate-renewal-managers/api-triggered-certificate-requests.md) — Accepts certificate application parameters and automatically creates or triggers a pipeline to issue or renew the certificate. ([source](https://certd.docmirror.cn/guide/open/index.html)) - [Cloud Credential Management](https://awesome-repositories.com/f/security-cryptography/cloud-credential-management.md) — Stores and manages API credentials for dozens of cloud platforms, DNS providers, and hosting services so automated certificate workflows can interact with them. ([source](https://certd.docmirror.cn/guide/plugins/access.html)) - [DNS Challenge Verifiers](https://awesome-repositories.com/f/security-cryptography/cryptography/ssl-tls-certificate-management/certificate-verification/dns-challenge-verifiers.md) — Automates domain validation by writing DNS records through a provider interface for ACME certificate issuance. - [Domain Ownership Verification](https://awesome-repositories.com/f/security-cryptography/dns-security/authenticated-record-retrievers/domain-ownership-verification.md) — Verifies domain ownership via DNS-01, HTTP-01, or CNAME proxy methods to authorize certificate issuance. ([source](https://cdn.jsdelivr.net/gh/certd/certd@v2/README.md)) - [DNS Validation Providers](https://awesome-repositories.com/f/security-cryptography/dns-validation-providers.md) — Automates domain validation by writing DNS records through a provider interface so the ACME client can issue certificates. ([source](https://certd.docmirror.cn/guide/development/)) - [DNS Provider API Integrations](https://awesome-repositories.com/f/security-cryptography/dns-validation-providers/dns-provider-api-integrations.md) — Automates domain validation by integrating with multiple DNS providers to write and remove challenge records. ([source](https://certd.docmirror.cn/guide/changelogs/CHANGELOG.html)) - [Credential Encryption](https://awesome-repositories.com/f/security-cryptography/end-to-end-encryption/credential-encryption.md) — Encrypts all authorization tokens and secrets before storage, with each user's data isolated from administrators. ([source](https://certd.docmirror.cn/guide/feature/safe/)) - [Cloud Provider Credential Stores](https://awesome-repositories.com/f/security-cryptography/identity-based-access-control/credential-based-access-controls/cloud-provider-credential-stores.md) — Stores and manages access credentials for various cloud and DNS providers, enabling secure automated operations. ([source](https://certd.docmirror.cn/guide/changelogs/CHANGELOG.html)) - [DNS and HTTP Challenges](https://awesome-repositories.com/f/security-cryptography/identity-domain-management/dns-and-http-challenges.md) — Automates domain ownership verification through DNS-01, HTTP-01, and CNAME proxy methods for ACME certificate issuance. - [Role-Based Access Controls](https://awesome-repositories.com/f/security-cryptography/multi-tenant-isolation/role-based-access-controls.md) — Isolates users and projects with role-based permissions, encrypted credential storage, and brute-force protection. - [Security and Access Control](https://awesome-repositories.com/f/security-cryptography/security-and-access-control.md) — Protects the management platform with encryption, two-factor authentication, password brute-force prevention, and site hiding. ([source](https://cdn.jsdelivr.net/gh/certd/certd@v2/README.md)) - [Self-Hosted Certificate Lifecycle Managers](https://awesome-repositories.com/f/security-cryptography/self-hosted-certificate-lifecycle-managers.md) — Provides a self-hosted manager that monitors certificate expiration, triggers renewal pipelines, and sends alerts. - [SSL Certificate Automation](https://awesome-repositories.com/f/security-cryptography/ssl-certificate-automation.md) — Automates the full lifecycle of SSL certificates including application, renewal, and deployment across domains. - [Plugin-Based Deployments](https://awesome-repositories.com/f/security-cryptography/ssl-certificate-automation/plugin-based-deployments.md) — Automates certificate deployment to over 100 targets using a plugin-based pipeline. ([source](https://certd.docmirror.cn/guide/)) - [Certificate Data Persistence](https://awesome-repositories.com/f/security-cryptography/ssl-certificate-managers/certificate-data-persistence.md) — Persists certificate files, private keys, and metadata in a relational database. ([source](https://certd.docmirror.cn/guide/install/database/)) - [Self-Hosted Access Controls](https://awesome-repositories.com/f/security-cryptography/user-access-management/self-hosted-access-controls.md) — Restricts access with role-based permissions, two-factor authentication, and brute-force protection for a self-hosted deployment. ([source](https://certd.docmirror.cn/guide/)) - [Multi-Domain Certificate Operations](https://awesome-repositories.com/f/security-cryptography/wildcard-certificate-management/multi-domain-bundling/multi-domain-certificate-operations.md) — Manages certificate operations across many domains and subdomains from a single interface. ([source](https://certd.docmirror.cn/](https://certd.docmirror.cn/guide/)) - [Azure DNS Configurations](https://awesome-repositories.com/f/security-cryptography/application-access-controls/azure-credential-configuration/azure-dns-configurations.md) — Automates SSL certificate issuance by configuring Azure DNS zone access and authorization. ([source](https://certd.docmirror.cn/guide/use/azure/dns.html)) - [Programmatic Certificate Management APIs](https://awesome-repositories.com/f/security-cryptography/certificate-lifecycle-management/programmatic-certificate-management-apis.md) — Manages certificate lifecycles through RESTful API endpoints so external systems can automate issuance and renewal. ([source](https://cdn.jsdelivr.net/gh/certd/certd@v2/README.md)) - [Tencent Cloud Credential Configurations](https://awesome-repositories.com/f/security-cryptography/cloud-credential-management/tencent-cloud-credential-configurations.md) — Configures Tencent Cloud API keys to authenticate automated certificate operations. ([source](https://certd.docmirror.cn/guide/use/tencent/)) - [Custom DNS Provider Plugins](https://awesome-repositories.com/f/security-cryptography/dns-validation-providers/dns-provider-api-integrations/custom-dns-provider-plugins.md) — Provides a plugin system for implementing custom DNS providers for ACME domain validation. ([source](https://certd.docmirror.cn/guide/development/index.html)) - [Custom Credential Providers](https://awesome-repositories.com/f/security-cryptography/identity-based-access-control/credential-based-access-controls/custom-credential-providers.md) — Ships a plugin system for adding custom authentication methods for third-party services. ([source](https://certd.docmirror.cn/guide/development/index.html)) - [Certificate Lifecycle Monitors](https://awesome-repositories.com/f/security-cryptography/identity-servers/certificate-trust-validation/certificate-lifecycle-monitors.md) — Monitors SSL certificate expiration dates and sends notifications through email, webhooks, and messaging platforms. - [Certificate Expiry Tracking](https://awesome-repositories.com/f/security-cryptography/key-expiry-management/certificate-expiry-tracking.md) — Monitors SSL certificate expiration dates and sends notifications before they expire to prevent service disruptions. ([source](https://certd.docmirror.cn/guide/changelogs/CHANGELOG.html)) - [Agent-Based Certificate Deployments](https://awesome-repositories.com/f/security-cryptography/remote-certificate-deployments/agent-based-certificate-deployments.md) — Ships a Go-based agent that scans Nginx configurations and deploys certificates without exposing SSH credentials. ([source](https://certd.docmirror.cn/guide/open/index.html)) - [SSH Credential Stores](https://awesome-repositories.com/f/security-cryptography/server-access-controls/ssh-credential-stores.md) — Stores SSH or password credentials for direct server access, enabling certificate deployment and DNS management on remote machines. ([source](https://certd.docmirror.cn/guide/plugins/access.html)) - [Multi-Domain Operations](https://awesome-repositories.com/f/security-cryptography/ssl-certificate-managers/multi-domain-operations.md) — Applies certificate pipeline rules across many domains simultaneously for efficient management. ([source](https://certd.docmirror.cn/](https://certd.docmirror.cn/guide/)) ### Business & Productivity Software - [Visual Workflow Automators](https://awesome-repositories.com/f/business-productivity-software/visual-workflow-automators.md) — Ships a visual pipeline editor for designing multi-step certificate automation workflows. ([source](https://certd.docmirror.cn/guide/changelogs/CHANGELOG.html)) - [Collaborative Certificate Management](https://awesome-repositories.com/f/business-productivity-software/collaborative-certificate-management.md) — Manages certificates, pipelines, and access credentials across teams with role-based permissions and project isolation. ### Development Tools & Productivity - [Certificate Lifecycle Pipelines](https://awesome-repositories.com/f/development-tools-productivity/workflow-data-pipelines/certificate-lifecycle-pipelines.md) — Orchestrates certificate operations as configurable multi-step pipelines with visual editing and scheduled execution. - [REST APIs](https://awesome-repositories.com/f/development-tools-productivity/rest-apis.md) — Manages certificates and pipelines programmatically by calling RESTful endpoints exposed by the system. ([source](https://cdn.jsdelivr.net/gh/certd/certd@v2/README.md)) - [Certificate Output Reuses](https://awesome-repositories.com/f/development-tools-productivity/workflow-data-pipelines/certificate-lifecycle-pipelines/certificate-output-reuses.md) — Passes the result of one task, such as a certificate ID from a cloud upload, as input to later tasks in the pipeline. ([source](https://certd.docmirror.cn/guide/use/pretask/)) ### DevOps & Infrastructure - [Configurable Stage Pipelines](https://awesome-repositories.com/f/devops-infrastructure/cli-job-runners/multi-stage-pipeline-orchestrators/configurable-stage-pipelines.md) — Orchestrates certificate tasks as a configurable pipeline, allowing sequential steps for application and deployment. ([source](https://cdn.jsdelivr.net/gh/certd/certd@v2/README.md)) - [Cross-Cloud Certificate Deployment](https://awesome-repositories.com/f/devops-infrastructure/cloud-deployment/multi-cloud-deployments/cross-cloud-certificate-deployment.md) — Deploys SSL certificates to over 110 targets including Nginx, cloud providers, and Kubernetes. ([source](https://cdn.jsdelivr.net/gh/certd/certd@v2/README.md)) - [Cloud Platform Deployments](https://awesome-repositories.com/f/devops-infrastructure/cloud-deployment/multi-cloud-deployments/cross-cloud-certificate-deployment/cloud-platform-deployments.md) — Pushes certificates to cloud platforms and services for immediate HTTPS enablement. ([source](https://certd.docmirror.cn/guide/changelogs/CHANGELOG.html)) - [Alibaba Cloud CDN Deployments](https://awesome-repositories.com/f/devops-infrastructure/cdn-deployment-integrations/alibaba-cloud-cdn-deployments.md) — Deploys SSL certificates to Alibaba Cloud CDN for secure content delivery. ([source](https://certd.docmirror.cn/guide/use/aliyun/)) - [Alibaba Cloud Certificate Uploads](https://awesome-repositories.com/f/devops-infrastructure/cloud-certificate-rotation/alibaba-cloud-certificate-uploads.md) — Uploads SSL certificates to Alibaba Cloud Certificate Management Service for centralized storage. ([source](https://certd.docmirror.cn/guide/use/aliyun/)) - [Alibaba Cloud DCDN Deployments](https://awesome-repositories.com/f/devops-infrastructure/cloud-certificate-rotation/alibaba-cloud-dcdn-deployments.md) — Deploys SSL certificates to Alibaba Cloud DCDN for secure dynamic content delivery. ([source](https://certd.docmirror.cn/guide/use/aliyun/)) - [Alibaba Cloud DNS Certificate Applications](https://awesome-repositories.com/f/devops-infrastructure/cloud-certificate-rotation/alibaba-cloud-dns-certificate-applications.md) — Automates SSL certificate application and validation through Alibaba Cloud DNS API. ([source](https://certd.docmirror.cn/guide/use/aliyun/)) - [Certificate Deployment Plugins](https://awesome-repositories.com/f/devops-infrastructure/deployment-targets/custom-deployer-implementations/certificate-deployment-plugins.md) — Ships a plugin system for creating custom certificate deployment targets. ([source](https://certd.docmirror.cn/guide/development/)) - [Multi-Tenant Topologies](https://awesome-repositories.com/f/devops-infrastructure/enterprise-deployment-solutions/multi-tenant-topologies.md) — Provides enterprise-level project management with role-based access control for multi-user environments. ([source](https://certd.docmirror.cn/guide/changelogs/CHANGELOG.html)) - [Multi-Tenant Hosting](https://awesome-repositories.com/f/devops-infrastructure/multi-tenant-hosting.md) — Operates each user independently with their own pipelines and authorized resources for SaaS operation. ([source](https://certd.docmirror.cn/guide/use/mode/enterprise.html)) - [Certificate Deployment Plugins](https://awesome-repositories.com/f/devops-infrastructure/provider-plugin-architectures/certificate-deployment-plugins.md) — Extends platform capabilities by implementing custom plugins for DNS validation, certificate deployment, and access authorization. - [Custom Script Executions](https://awesome-repositories.com/f/devops-infrastructure/server-side-hook-enforcement/custom-script-executions.md) — Runs user-defined scripts to perform arbitrary tasks such as calling APIs, executing system commands, or sending emails. ([source](https://certd.docmirror.cn/guide/use/custom-script/index.html)) ### Artificial Intelligence & ML - [Pipeline Step Plugins](https://awesome-repositories.com/f/artificial-intelligence-ml/ml-visualization-libraries/custom-plugin-development/plugin-creation-from-templates/pipeline-step-plugins.md) — Provides a template-based system for creating custom pipeline step plugins. ([source](https://certd.docmirror.cn/guide/use/dev/plugin.html)) ### Part of an Awesome List - [Multi-Tenant Project Organizers](https://awesome-repositories.com/f/awesome-lists/devops/collaboration-and-project-management/multi-tenant-project-organizers.md) — Organizes certificate pipelines across multiple users and enterprise projects with tenant isolation. ([source](https://cdn.jsdelivr.net/gh/certd/certd@v2/README.md)) ### Networking & Communication - [Certificate Status Notifications](https://awesome-repositories.com/f/networking-communication/broadcast-messaging-channels/automated-broadcasting/webhook-notification-channels/certificate-status-notifications.md) — Sends certificate status updates through email, webhook, WeCom, DingTalk, Feishu, and other messaging platforms. ([source](https://certd.docmirror.cn/guide/)) - [Challenge Delegation](https://awesome-repositories.com/f/networking-communication/dns-record-updaters/challenge-delegation.md) — Delegates DNS validation for subdomains to separate providers to avoid exposing parent zone credentials. ([source](https://certd.docmirror.cn/guide/use/cert/subdomain.html)) - [CNAME Proxy Certificate Applications](https://awesome-repositories.com/f/networking-communication/domain-name-systems/dns-record-verification/cname-challenge-resolution/cname-proxy-certificate-applications.md) — Uses a CNAME record on an unsupported domain to delegate DNS challenge verification to a supported domain, enabling automated certificate issuance. ([source](https://certd.docmirror.cn/guide/feature/cname/index.html)) ### Software Engineering & Architecture - [Custom Authorization Providers](https://awesome-repositories.com/f/software-engineering-architecture/custom-action-handlers/custom-action-authorizers/authorization-handler-extensions/custom-authorization-providers.md) — Provides a plugin system for adding custom authorization methods for new platforms. ([source](https://certd.docmirror.cn/guide/development/)) - [On-Demand Pipeline Executions](https://awesome-repositories.com/f/software-engineering-architecture/custom-action-handlers/on-demand-action-executions/on-demand-pipeline-executions.md) — Triggers the full certificate workflow immediately to test or apply changes without waiting for a schedule. ([source](https://certd.docmirror.cn/guide/start.html)) - [Certificate Deployment Plugins](https://awesome-repositories.com/f/software-engineering-architecture/integration-extensibility/extensibility/third-party-plugins/certificate-deployment-plugins.md) — Ships a plugin system for creating custom certificate deployment targets for external platforms. ([source](https://certd.docmirror.cn/guide/development/index.html)) ### System Administration & Monitoring - [Multi-User Account Systems](https://awesome-repositories.com/f/system-administration-monitoring/user-account-management/multi-user-account-systems.md) — Supports multi-user accounts with role-based access for collaborative certificate management. ([source](https://certd.docmirror.cn/guide/)) ### User Interface & Experience - [Cloud Platform Plugins](https://awesome-repositories.com/f/user-interface-experience/editor-plugins/extensible-platforms/cloud-platform-plugins.md) — Ships a plugin system for adding new cloud platforms with access, DNS, and deploy modules. ([source](https://certd.docmirror.cn/guide/development/))