
Show HN: Certera – A central validation server for Let's Encrypt certificates - certera
https://docs.certera.io
======
certera
Hi HN!

Certera is a central validation server for Let's Encrypt certificates. It's a
cross platform, self-hosted web application. With Certera, you can centralize
all of your LE certificates and keys, monitor certificates and receive
notifications for cert changes and expirations. It will also help you stay
within LE quota limits. Check out the docs for more details and screenshots.
It's currently in beta as I'm looking for folks to start using and provide
some feedback.

I created this because I had been using various ACME clients and occasionally
a change here and there could cause things to break. Or, a cert would be on a
system that I didn't know about and the cert would expire without anyone
knowing about it. The biggest driver was making it simpler to use LE certs
behind load balancers since Certera separates acquiring certificates and
applying them. The idea is that you use Certera to acquire certificates, then
use the API provided to retrieve the certs and keys to apply them. Currently,
it only works with HTTP-01 validation (and redirects). I'm planning on adding
DNS-01 validation and some hooks to make certificate automation much better
when it comes to client certificates (i.e. rotating SSO certificates or
certificates used for securing endpoints).

[https://certera.io](https://certera.io) (landing page)
[https://docs.certera.io](https://docs.certera.io) (docs)
[https://github.com/certera-io/certera](https://github.com/certera-io/certera) (code)

I struggled a lot with the licensing and settled on something that's not "open
source"; it's source available. It is free for personal use, nonprofits and
small organizations (< $1M in revenue). It's free for all during the beta. 10%
of all revenue will be shared back to projects used to build Certera, the
breakdown is in the docs.

Some principles I've tried to follow while building this:

- Perpetual license only. I'm kind of burned out with subscriptions.
- The least amount of JavaScript I could get away with. There are no
  frameworks. All in all, less than 10 lines of plain vanilla JS.

Thanks for reading and let me know what you think!

------
toomuchtodo
What backends do you support for secure artifact (certs and keys) storage?

~~~
certera
The Certera web app will run on Windows and Linux. It can also be made to work
for Mac, but it's not yet compiled for that.

~~~
toomuchtodo
Sorry, I should've been more clear. Do you support AWS Parameter Store,
HashiCorp Vault, and other secret storage systems versus keeping sensitive
data locally on disk where your app is running?

~~~
certera
Ah, apologies, I should have been able to figure that out. As it stands, it
currently only stores on the machine where the app runs.

I have put thought into storing it into something like an HSM as I think that
would only raise the confidence, trust and security of Certera. I have that
written down as something to pursue in future versions!

