30 open-source projects similar to jetstack/cert-manager, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Cert Manager alternative.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads. The project distinguishes itself through its extensive support for a
Allinssl is a multi-platform certificate manager and ACME automator designed to handle the full lifecycle of security certificates. It provides a web-based management interface to orchestrate the issuance, renewal, and deployment of certificates across various servers and cloud environments. The system distinguishes itself through an orchestration engine that pushes certificates to diverse targets, including web application firewalls, server control panels, and remote hosts. It automates domain ownership verification using DNS challenges across multiple providers and employs an event-driven w
Lego is an ACME certificate manager and lifecycle tool used to automate the request, renewal, and revocation of SSL and TLS certificates. It implements the ACME protocol to communicate with compliant certificate authorities and manages the full issuance process, including account registration and private key rollovers. The project distinguishes itself through extensive DNS automation, utilizing a provider-based abstraction to solve DNS-01 challenges across various third-party DNS providers. It supports advanced verification workflows such as CNAME-based challenge delegation, DNS zone discover
Certd is a self-hosted platform that automates the full lifecycle of SSL certificates using the ACME protocol. It handles certificate application, renewal, and deployment across multiple domains through a pipeline-driven workflow engine, with DNS challenge orchestration and multi-cloud deployment capabilities. The platform distinguishes itself through its configurable pipeline system, which allows users to build multi-step workflows that can pass outputs between tasks, execute custom scripts, and handle errors. It supports multi-tenant access control with role-based permissions, encrypted cre
This project is a command-line tool for managing public key infrastructure and digital identities. It provides a comprehensive suite for X.509 certificate lifecycle management, including the generation, signing, renewal, and revocation of certificates and signing requests. The tool distinguishes itself through specialized security capabilities such as binding cryptographic credentials to TPMs and HSMs for hardware-backed identity attestation. It also provides dedicated support for machine identity security, using short-lived SSH certificates and mTLS to secure non-human workloads. Broad capa
Certmagic is a Go library for automating the issuance and renewal of TLS certificates. It functions as an automatic HTTPS provisioner and ACME client that handles the full lifecycle of certificates to ensure secure connectivity without manual intervention. The library is distinguished by its support for on-demand TLS provisioning, which generates certificates dynamically during the TLS handshake based on the server name. It also provides automation for wildcard certificates through DNS challenge verification and integrates with the ZeroSSL API for certificate acquisition. The project covers
Automate SSL/TLS certificates on Windows with ease
acme.sh is a shell-based certificate manager and ACME SSL certificate client. It automates the issuance, renewal, and installation of digital security certificates using a portable Unix shell script to remove dependencies on heavy runtime environments. The project specializes in automated domain ownership verification through a DNS challenge automator that integrates with provider APIs. It supports the generation of diverse certificate types, including wildcard certificates and issuance based on pre-existing certificate signing requests. The tool covers the full certificate lifecycle, includ
This project is a command-line tool that automates the entire lifecycle of security certificates using standard domain validation protocols. It functions as a background service to manage the issuance, renewal, and installation of certificates, ensuring that encrypted web traffic remains active without requiring manual intervention. The tool distinguishes itself through extensive support for automated domain ownership verification, including the ability to issue wildcard certificates by programmatically interacting with external domain name system providers. It provides flexible validation op
ProxySU is a Windows desktop application that automates the deployment and management of proxy services on a Linux VPS. It combines single-click installation of multiple proxy protocols, including V2ray, Xray, Trojan, and Shadowsocks, with automatic SSL/TLS certificate provisioning and renewal through Let's Encrypt. The tool distinguishes itself by handling the full lifecycle of proxy server setup from a Windows environment, using SSH key-based authentication for secure, passwordless remote access. It also includes network optimization capabilities, such as activating the BBR TCP congestion c
Devtron is a Kubernetes management platform and CI/CD orchestrator designed to unify application lifecycles and infrastructure operations across multiple clusters from a single interface. It serves as a centralized dashboard for orchestrating workloads, managing security, and providing observability for Kubernetes environments. The platform distinguishes itself with a no-code workflow engine for automating container builds and software delivery pipelines, alongside a visual GitOps deployment tool for managing declarative applications and reconciling configuration drift. Its capability surfac
dnmp is a containerized web development environment that provisions a full LNMP stack consisting of Nginx, MySQL, PHP, and Redis. It serves as a management system for coordinating web server routing, language runtime versions, database administration, and SSL certificate provisioning within Docker containers. The project distinguishes itself through a comprehensive PHP runtime manager that allows for switching between multiple language versions and managing extensions in isolated environments. It includes an automated SSL certificate manager that uses webroot validation to provision and renew
Cilium is a networking, security, and observability platform for containerized environments that leverages kernel-level data paths to process traffic. By executing programs directly within the Linux kernel, it provides high-performance packet filtering, routing, and load balancing without the need for traditional user-space proxies or context switching. The platform distinguishes itself through identity-based security enforcement, which filters traffic based on service labels rather than volatile IP addresses. It integrates containerized workloads with external physical or virtual infrastruct
Certbot is a command-line client designed to automate the lifecycle of digital security certificates. By implementing the ACME protocol, it manages the communication between a local server and a certificate authority to verify domain ownership and issue transport layer security certificates without manual intervention. The tool distinguishes itself through a modular plugin architecture that allows it to interact directly with various web server configurations and DNS providers. This framework enables the software to perform automated domain validation, modify server settings, and configure vi
This project is a curated collection of deployment files and configurations for hosting a wide variety of open-source services on a home server. It primarily utilizes Docker and Docker Compose to automate the orchestration, lifecycle management, and deployment of containerized applications. The repository provides a comprehensive suite for self-hosted infrastructure, covering network management tools, media streaming, and home automation. It includes specialized configurations for securing internal services via reverse proxies, WireGuard VPN tunnels, and automated SSL/TLS certificate manageme
jx is a GitOps delivery platform and Kubernetes CI/CD orchestrator designed to automate the building and deployment of applications. It functions as a cloud native pipeline manager that executes container-based build and deployment sequences using a catalog of reusable tasks. The project distinguishes itself through the automated orchestration of preview environments, which are created and destroyed based on pull request activity to enable validation before merging. It employs a GitOps-based state synchronization model to maintain the desired state of clusters by polling git repositories and
Kubeasz is an automation framework designed for the lifecycle management of production-grade Kubernetes clusters. It functions as an Ansible-based provisioner that orchestrates the installation, scaling, and maintenance of cluster components across distributed Linux nodes. By utilizing inventory-driven management and role-based task modularization, the project ensures that infrastructure configurations remain consistent and reproducible across diverse environments. The platform distinguishes itself through its focus on automated system administration and operational continuity. It provides bu
Pulumi is an infrastructure-as-code framework that enables the definition, deployment, and management of cloud resources using general-purpose programming languages. It functions as a cloud resource orchestrator that coordinates the lifecycle of heterogeneous infrastructure by executing code to construct dependency graphs and reconciling the desired state against actual cloud environments. The platform distinguishes itself through a language-host runtime bridge that allows developers to use standard programming languages to define infrastructure, rather than relying solely on domain-specific
This project is an API gateway and ingress controller designed to manage traffic, security, and service connectivity within Kubernetes environments. It operates as a controller that monitors cluster state to reconcile gateway configurations with desired infrastructure definitions, ensuring that network policies and routing rules remain consistent across distributed deployments. The system distinguishes itself through a modular request pipeline that allows for the injection of custom logic to handle transformations, security checks, and logging. It supports declarative infrastructure managemen
Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
Excelize is a library for reading and writing spreadsheet files in the Office Open XML format. It provides a comprehensive suite of tools for programmatically creating, modifying, and analyzing workbooks, worksheets, and cell data, ensuring compatibility across various office software suites through structured XML serialization. The library distinguishes itself with a built-in formula calculation engine that evaluates complex mathematical and logical expressions directly against workbook data. It also features a memory-mapped streaming architecture, which allows for the efficient processing o
Kubescape is a security platform for Kubernetes that provides tools for scanning clusters, configurations, and container images against industry compliance and security benchmarks. It functions as a suite of security utilities, including a compliance auditor, a misconfiguration scanner, and a container vulnerability scanner. The project differentiates itself through automated remediation and active enforcement. It can automatically patch operating system vulnerabilities in images and fix security errors within manifest files. It also utilizes an admission controller to block the deployment of
This project is an automated SSL certificate manager and orchestrator for Nginx proxy configurations. It functions as an ACME protocol client that handles the request, issuance, and renewal of security certificates for web services running in containers. The system monitors Docker container lifecycle events to automatically provision certificates based on assigned hostnames. It automates the full certificate lifecycle, including domain ownership validation and the issuance of specialized wildcard or multi-domain certificates. The tool manages security through both HTTP and DNS challenge reso
This project is a toolkit for creating and managing X.509 certificate authorities, providing tools for the issuance, signing, and management of TLS certificates and private keys. It includes a command-line utility for generating certificate signing requests, bundling certificate chains, and parsing PEM or DER files. The system features an HTTP API server that allows for remote signing and verification of certificates using JSON requests and responses. This architecture supports automated certificate provisioning and includes a signing proxy to forward requests to remote backend services. The
kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations. The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serve
Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads. What distinguish
Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a target web service. By acting as a reverse proxy, the tool intercepts and relays web requests to capture credentials and session tokens in real time, enabling the bypass of multi-factor authentication mechanisms through session cookie hijacking. The platform distinguishes itself by integrating infrastructure orchestration with modular template-driven content injection. It automates the deployment of proxy servers, manages the lifecycle of encryption certificates, and applies conte
This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes. The platform distinguishes itself through its focus on zero-trust security and cross-clu
HAProxy is a high-performance TCP and HTTP proxy that distributes traffic across multiple backend servers to ensure availability and fault tolerance for critical services. It operates in either TCP or HTTP mode, with an event-driven, single-threaded reactor that handles tens of thousands of connections without context switching, and supports kernel-level data transfer to minimize memory usage and latency. What distinguishes HAProxy is its configuration-file-first design, where all load-balancing rules and runtime behavior are defined in a declarative text file parsed at startup. It embeds a L