shankar0123

shankar0123 / certctl

Public

A self-hosted certificate lifecycle platform. Track, renew, and deploy TLS certificates across your infrastructure with a web dashboard, REST API, and agent-based architecture where private keys never leave your servers.

github.comshankar0123certctl certificate-lifecycle-management
16
0
100% credibility
Found Mar 17, 2026 at 16 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Go
AI Summary

Self-hosted platform for tracking, renewing, and deploying TLS certificates across infrastructure using a web dashboard and on-server agents that keep private keys local.

How It Works

1
🔍 Discover certctl

You find this helpful tool to easily keep track of all your website security certificates without headaches.

2
🚀 Start it up

Follow the simple guide to get the dashboard running on your computer in minutes, complete with example data to play with.

3
📊 See your certificates

Open the colorful web dashboard to view your full list of certificates, their expiry dates, health status, and who owns them.

4
🔗 Connect a certificate maker

Add a trusted certificate authority like your own or a free service so it can create new ones when needed.

5
🛡️ Add your certificates

Enter details for your websites or servers, assign owners and teams, and let it watch for expiry risks.

6
🤖 Place helpers on servers

Install lightweight helpers on your servers to securely handle renewals and updates without sharing private info.

7
Renew and deploy automatically

Watch as it spots expiring certificates, renews them safely, and pushes updates to your servers.

🎉 Certificates always fresh

Relax knowing your sites stay secure with automatic renewals, alerts, and full activity logs at your fingertips.

Sign up to see the full architecture

6 more

Sign Up Free

Star Growth

See how this repo grew from 16 to 16 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is certctl?

certctl is a self-hosted certificate lifecycle platform in Go with a React web dashboard and REST API. It tracks TLS certificate inventories, automates renewals via ACME (Let's Encrypt) or local CAs, and deploys to NGINX, F5 BIG-IP, or IIS using agents that generate keys locally—private keys never leave your servers. Ditch manual expiry hunts and CRL skipping with untrusted certs; get expiry timelines, job queues, notifications, policies, and audit logs in one view.

Why is it gaining traction?

Agent architecture keeps keys secure on-edge, standing out from cloud PAMs or basic self-hosted CAs. Quick Docker Compose spin-up loads demo certs/agents for instant eval, plus 55 API endpoints for automation. Handles full lifecycle—issue CSRs, renew, deploy—without "certctl command not found" headaches on pfSense or FreeBSD.

Who should use this?

DevOps/SREs managing multi-server TLS fleets, self-hosted cert authority fans on Docker/GitHub Actions, pfSense/FreeBSD users needing reliable renewal/deploy. Ideal for teams wanting Bitwarden-style self-hosted certificate managers with monitoring and no vendor lock-in.

Verdict

Solid early contender at 16 stars and 1.0% credibility score—active dev, strong docs/demo, 220+ tests—but unproven at scale. Spin the Docker stack; if it fits your self-hosted cert needs, contribute to push v1.0.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.