Home>Programming related>Other source code
Download

Chinese | English

Warning

The current branch is next , which is a development branch of v0.3.x. It is not stable yet. Please do not use it in a production environment.

To access the previous version, please switch to main branch.

Certimate

Students who make personal products or are responsible for operation and maintenance in small businesses need to manage multiple domain names and apply for certificates for the domain name. However, manual application for certificates has the following disadvantages:

  1. ? Trouble: Although it is not difficult to apply for and deploy certificates, it is also quite troublesome, especially when maintaining multiple domain names.
  2. ? Yiwang: The current free certificate is valid for only 90 days, which requires regular operation. While increasing the workload, it is also easy to forget, resulting in inaccessibility of the website.

Certimate is created to solve the above problems. It has the following characteristics:

  1. Simple operation: Automatically apply, deploy, renew SSL certificates, no manual intervention is required throughout the process.
  2. Supports private deployment: The deployment method is simple, just download the binary file to execute. Binary files and Docker images are all generated using Github Actions. The process is transparent and can be audited by yourself.
  3. Data security: Since it is a private deployment, all data is stored locally and will not be stored on the server of the service provider to ensure data security.

Related articles:

  • V0.2.0 - The first version that is not backward compatible
  • Why Certimate?
  • Introduction to domain name variables and deployment authorization group

Certimate is designed to provide users with a secure and easy SSL certificate management solution. Please visit https://docs.certimate.me for use of the documentation

1. Installation

Installing Certimate is very simple, you can choose one of the following ways to install:

1. Binary files

You can download the pre-compiled binary file directly from the Releases page, and then unzip it and execute it: 

./certimate serve

Or run the following command to automatically add a certificate to Certimate itself 

./certimate serve 你的域名

Note

MacOS prompts when executing a binary file: "Certimate" cannot be opened because Apple cannot check whether it contains malware. You can click "Always Allow" in System Settings > Privacy & Security > Security, and try to execute the binary file again.

2. Docker installation 

mkdir -p ~ /.certimate && cd ~ /.certimate && curl -O https://raw.githubusercontent.com/usual2970/certimate/refs/heads/main/docker/docker-compose.yml && docker compose up -d

3. Source code installation 

git clone EMAIL:usual2970/certimate.git
cd certimate
make local.run

2. Use

After performing the above installation operation, visit http://127.0.0.1:8090 in your browser to access the Certimate management page. 

用户名:[email protected]
密码:1234567890

3. List of supported service providers

Service provider Support application certificate Support deployment of certificates Remark
Alibaba Cloud Domain names registered on Alibaba Cloud can be issued; they can be deployed to Alibaba Cloud OSS, CDN, and SLB
Tencent Cloud Domain names registered on Tencent Cloud can be issued; they can be deployed to Tencent Cloud COS, CDN, ECDN, CLB, TEO
Baidu Smart Cloud Can be deployed to Baidu Smart Cloud CDN
Huawei Cloud Domain names registered with Huawei Cloud can be issued; they can be deployed to Huawei Cloud CDN and ELB
Qiniu Cloud Can be deployed to Qiniu Cloud CDN
Doji Cloud Can be deployed to Dorje Cloud CDN
Volcanic Engine Domain names registered with volcano engines can be issued; they can be deployed to volcano engines Live and CDN
AWS Domain names that can be issued in AWS Route53 hosted
CloudFlare Domain names that can be issued with CloudFlare; CloudFlare services come with SSL certificates
GoDaddy Domain names that can be issued for registration in GoDaddy
NameSilo Domain names that can be issued for registration in NameSilo
PowerDNS Domain names that can be issued in PowerDNS hosted
HTTP Request Can issue domain names that allow modification of DNS through HTTP requests
Local deployment Can be deployed to local servers
SSH Can be deployed to an SSH server
Webhook Callback to the Webhook when deployable
Kubernetes Deployable to Kubernetes Secret

4. System screenshot

Five, concept

The workflow of Certimate is as follows:

  • Users fill in the information on applying for a certificate through the Certimate management page, including the domain name, the authorization information of the DNS service provider, and the authorization information of the service provider to be deployed to.
  • Certimate initiates an application request to the certificate vendor's API to obtain the SSL certificate.
  • Certimate stores certificate information, including certificate content, private key, certificate validity period, etc., and automatically renews the certificate when it is about to expire.
  • Certimate initiates a deployment request to the service provider's API and deploys the certificate to the service provider's server.

This involves domain names, DNS service provider authorization information, deployment service provider authorization information, etc.

1. Domain name

It is the domain name to apply for a certificate.

2. DNS service provider authorization information

To apply for a certificate for a domain name, you need to prove that the domain name is yours, so when we manually apply for a certificate, we generally need to add a TXT domain name resolution record to the domain name service provider's console resolution record.

Certimate will automatically add a TXT domain name resolution record. You only need to fill in the authorization information of your domain name service provider in the Certimate background.

For example, the domain name you purchased on Alibaba Cloud has the following authorization information: 

accessKeyId: your-access-key-id
accessKeySecret: your-access-key-secret

The authorization information for domain names purchased on Tencent Cloud is as follows: 

secretId: your-secret-id
secretKey: your-secret-key

Note that this authorization information must have management permissions to access domain names and DNS resolution. For the specific permission list, please refer to the technical documents of each service provider.

3. Deploy the service provider authorization information

After Certimate applies for a certificate, it will automatically deploy the certificate to the target you specified, such as Alibaba Cloud CDN. Certimate will find the corresponding CDN service based on the authorization information and domain name you fill in, and deploy the certificate to the corresponding CDN service.

The authorization information of the deployment service provider is basically the same as the authorization information of the DNS service provider. The difference is that the authorization information of the DNS service provider is used to prove that the domain name is yours, and the authorization information of the deployment service provider is used to provide authorization information for certificate deployment.

Note that this authorization information must have relevant management permissions to access the target service to deploy. For the specific permission list, please refer to the technical documents of each service provider.

6. Frequently Asked Questions

Q: Are SaaS services provided?

A: Not provided, currently only self-hosted (private deployment) is supported.

Q: Data security?

A: Since it only supports private deployment, all kinds of data are saved on the user's server. In addition, the Certimate source code is also open source. The binary package and Docker image packaging process are all carried out using Github Actions. The process is transparent and visible and can be audited by yourself.

Q: Automatic renewal of certificates?

A: The certificates that have been applied will be automatically renewed 10 days before expiration . Once a day, the certificate is checked whether it is about to expire. When it is about to expire, the certificate will be automatically reapplyed and deployed to the target service.

7. Contribution

Certimate is a free and open source project that uses the MIT open source protocol. You can use it to do whatever you want, and even provide it to users as a paid service.

You can support Certimate development in the following ways:

  • Submit code: If you find a bug or have new functional requirements and you have relevant experience, you can submit the code to us.
  • Submit Issue: You can submit Issue to us when you have a feature suggestion or bug.

Support more service providers, UI optimization and improvement, bug fixes, document improvement, etc., and everyone is welcome to submit PR.

8. Disclaimer

This software is published under the MIT License and is provided for free and is intended to be "as it is" for users to use. The authors and contributors shall not be liable for any direct or indirect consequences arising from the use of this software, including but not limited to performance degradation, loss of data, interruption of services, or any other type of damage.

No warranty: This software does not provide any warranty of any express or implied, including but not limited to warranties of fitness, non-infringement, commercial use and reliability for a particular purpose.

User Responsibility: By using this software, you understand and agree to assume all risks and responsibilities arising from it.

9. Join the community

  • Telegram-a new era of messaging
  • WeChat group chat (more than 200 people need to be invited to join the group, you can add the author’s friends first)

10. Star Trend Chart

Expand
Additional Information
Related Applications
Recommended for You
Related Information All