Help & Documentation

Learn how to use CertMate and manage your SSL certificates

CertMate Active API Available at /docs/

Getting Started

Quick start guide

DNS Providers

Supported providers

API Usage

REST API examples

Troubleshooting

Common issues

CA Providers

Certificate authorities

About CertMate

CertMate is a powerful SSL certificate management system designed for modern infrastructure. Built with multi-DNS provider support, Docker containerization, and comprehensive REST API, it's the perfect solution for managing certificates across multiple datacenters and cloud environments.

Key Features

  • • Zero-Downtime Automation
  • • Multi-Cloud Support (19 DNS providers)
  • • Enterprise-Ready with REST API
  • • Security-First approach
  • • Wildcard & Multi-Domain support

Benefits

  • • Automatic certificate renewal
  • • Multiple CA providers (Let's Encrypt, DigiCert, Private CA)
  • • Modern web dashboard
  • • Complete API control
  • • Docker & Kubernetes ready

Getting Started

First Steps

  1. Configure your DNS provider in Settings
  2. Add your domain(s) to manage
  3. Create your first SSL certificate
  4. Set up automatic renewal
  5. Configure backup settings for data protection

Creating Certificates

Use the Certificates page to:

  • • Add new domains
  • • Generate SSL certificates
  • • Monitor certificate status
  • • Download certificate files

Automatic Renewal

CertMate automatically:

  • • Checks certificates daily
  • • Renews 30 days before expiry
  • • Updates certificate files
  • • Maintains service availability
  • • Creates automatic backups

Certificate Authority (CA) Providers

CertMate supports multiple Certificate Authority providers, allowing you to choose the best CA for your needs.

Let's Encrypt Free

Free, automated SSL certificates with 90-day validity and automatic renewal.

  • Cost: Free
  • Validation: Domain Validation (DV)
  • Wildcard: ✅ Supported
  • Rate Limits: 50 certs/week
  • Best For: Most use cases

DigiCert ACME Enterprise

Enterprise-grade certificates with Extended Validation options and premium support.

  • Cost: Paid plans
  • Validation: DV, OV, EV
  • Wildcard: ✅ Supported
  • EAB Required: ✅ Yes
  • Best For: Enterprise, compliance

Private CA Custom

Internal or corporate Certificate Authorities for private networks and development.

  • Cost: Varies
  • Validation: Custom
  • Wildcard: ✅ Usually supported
  • ACME Required: ✅ Yes
  • Best For: Internal networks, dev

CA Provider Configuration

  1. Go to Settings and scroll to "Certificate Authority (CA) Providers"
  2. Select your default CA provider from the dropdown
  3. Fill in the required configuration fields for your chosen CA
  4. Click "Test CA Connection" to verify the configuration
  5. Save settings once the test succeeds

💡 Tip: You can override the default CA when creating individual certificates.

Supported DNS Providers

CertMate supports 19 DNS providers for automated certificate validation. The most popular providers are listed first.

Supported DNS Providers

Cloudflare
Route53
DigitalOcean
Azure DNS
Google DNS
PowerDNS
RFC2136
Linode
Vultr
Hetzner
Gandi
OVH
Namecheap
Porkbun
GoDaddy
DNS Made Easy
NS1
Hurricane Electric
Dynu

All 19 providers are available - install additional providers via requirements-extended.txt

API Usage & Examples

Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer your_api_token_here

Certificate Operations

List Certificates
GET /api/certificates
Create Certificate
POST /api/certificates/create
Renew Certificate
POST /api/certificates/{domain}/renew
Download Certificate
GET /{domain}/tls

cURL Examples

# Create certificate
curl -X POST "http://localhost:8000/api/certificates/create" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"domain": "example.com"}'
# Download certificate
curl -H "Authorization: Bearer YOUR_TOKEN" \
-o example.com.zip \
http://localhost:8000/example.com/tls

Complete API Documentation

Explore the full interactive API documentation with examples and testing capabilities:

Swagger UI (/docs/) ReDoc (/redoc/)

Troubleshooting

Common Issues

DNS Provider Authentication Failed
• Double-check your API credentials in Settings
• Ensure API tokens have proper DNS permissions
• Verify domain is managed by the configured DNS provider
Certificate Creation Timeout
• DNS propagation can take up to 10 minutes
• Check DNS records are properly configured
• Ensure domain points to correct nameservers
Let's Encrypt Rate Limits
• Maximum 20 certificates per domain per week
• Wait for rate limit window to reset
• Use staging environment for testing

Health Checks

• Service Status: /health
• API Connectivity: /docs/
• Certificate Status: Dashboard

Getting Help

• Check logs in Docker/service manager
• Verify DNS provider connectivity
• Test with simple domain first
• Review API documentation
Report Issue on GitHub

Advanced Features

Certificate Types

  • Single Domain: example.com
  • Wildcard: *.example.com
  • Multi-Domain (SAN): example.com, www.example.com
  • Combined: example.com, *.example.com

Automation Features

  • • Automatic renewal 30 days before expiry
  • • Health monitoring and deployment checks
  • • API-driven certificate management
  • • Bulk operations for multiple domains

Certificate Downloads

  • ZIP Bundle: All files in one archive
  • Individual Files: cert.pem, chain.pem, etc.
  • Full Chain: Certificate + intermediate
  • Private Key: Secure key file

Security Features

  • • Bearer token API authentication
  • • Secure file permissions (600/700)
  • • Environment variable credential storage
  • • Audit logging for all operations

Multi-Account DNS Provider Support

Configure multiple accounts for the same DNS provider to support enterprise environments, permission separation, and multi-tenant setups.

Benefits

  • Organization Separation: Different accounts for production, staging, and development
  • Client Management: Separate Cloudflare accounts for different clients
  • Permission Isolation: Limit API token scope to specific domains or zones
  • Team Collaboration: Multiple team members with their own credentials
  • Backup Redundancy: Fallback accounts for high availability

How to Configure Multiple Accounts

1. Add New Account
  • • Go to Settings and select your DNS provider
  • • Click the "Add Account" button
  • • Enter account name, credentials, and optional description
  • • Choose whether to set as default account
2. Manage Accounts
  • • Edit account details and credentials
  • • Set or change the default account
  • • Delete unused accounts
  • • View account count indicator
3. Use During Certificate Creation
  • • Select DNS provider in certificate creation form
  • • Choose specific account or leave blank for default
  • • Account selection appears automatically for multi-account providers

Backward Compatibility

Existing single-account configurations continue to work unchanged. The system automatically migrates them to multi-account format when you add additional accounts.

API Support

Certificate creation with specific account:

POST /api/certificates/create { "domain": "example.com", "dns_provider": "cloudflare", "account_id": "production" }

Backup & Recovery

CertMate provides comprehensive backup and restore capabilities with unified backup system, ensuring your data is protected and recoverable with atomic consistency.

Automatic Backups

Unified Backup System
  • • Triggered automatically on configuration changes
  • • Creates atomic snapshots of settings and certificates
  • • Includes DNS provider settings and accounts
  • • Saves domain configurations and all certificate files
  • • Ensures data consistency between settings and certificates
  • • Compressed ZIP format for efficient storage

Manual Backups

Create backups on-demand from the Settings page:

Create Backup

Click "Create Backup" to create a unified backup containing both current configuration (DNS providers, domains, application settings) and all certificates with their files. This ensures complete atomic consistency between settings and certificates.

Backup Management

Download & Restore
  • • View all backups in the Settings page
  • • Download backups for external storage
  • • Restore from any previous backup atomically
  • • Preview backup contents and metadata
  • • Automatic pre-restore backup creation
Retention Policy
  • • Automatic cleanup of old backups
  • • Configurable retention period
  • • Keeps last 10 backups by default
  • • Manual deletion of specific backups

Best Practices

  • • Create manual backups before major configuration changes
  • • Download important backups to external storage systems
  • • Test backup restoration in a staging environment
  • • Monitor backup creation for any failures
  • • Keep multiple generations of backups for different restore points
  • • Use unified backups for guaranteed data consistency