Settings

Configure your DNS provider credentials and preferences

ACME Challenge Type

DNS-01

Requires DNS provider credentials. Supports wildcards.

HTTP-01

Domain must point to this server. No wildcards.

Azure DNS Configuration

Subscription ID

Resource Group

Tenant ID

Client ID

Client Secret

Create a Service Principal with DNS Zone Contributor role for your DNS zones.

RFC2136 DNS Configuration

Nameserver

TSIG Key Name

TSIG Secret

TSIG Algorithm (Optional)

Configure RFC2136 dynamic DNS updates for BIND or compatible DNS servers.

Certificate Authority (CA) Providers

Default Certificate Authority

Select the default CA for new certificate requests. You can override this per-certificate.

Let's Encrypt Configuration Free

Environment

Email (for notifications)

Let's Encrypt provides free SSL certificates with automated renewal.

Private CA Configuration Custom

ACME Directory URL *

Common examples:
• step-ca: https://step-ca.internal.com:9000/acme/directory
• Smallstep: https://ca.example.com/acme/directory
• Boulder: https://boulder.local:4001/acme/directory

CA Certificate (PEM format) - Optional

Upload your private CA root certificate if using self-signed or internal CA

External Account Binding (EAB) Key ID - Optional

External Account Binding (EAB) HMAC Key - Optional

Email (for notifications) *

Configure your private or corporate CA. Supports ACME-compatible CAs like step-ca, Smallstep, Boulder, and others.
🚀 Quick Start:
1. Enter your CA's ACME directory URL above
2. Enter your email address
3. Click "Test CA Connection" to verify
4. Save settings once test succeeds

Select a CA provider and fill in required fields, then test the connection

Certificate Management Settings

Enable automatic certificate renewal

Automatically renew certificates when they approach expiration

Certificate Renewal Threshold (days)

Renew certificates when they have this many days left before expiration (default: 30 days)

Cache TTL (seconds)

How long to cache DNS responses (default: 300 seconds)

API Security Settings

API Bearer Token

Token used for API authentication. Required for API access after initial setup.

Certificate Storage Backend

Storage Backend Type

Choose where to store your SSL certificates. Local filesystem is the default and most compatible option.

Local Filesystem Storage

Certificate Directory

Certificates are stored locally in the specified directory with secure file permissions.

Azure Key Vault Configuration

Vault URL

Tenant ID

Client ID

Client Secret

Certificates will be stored as secrets in Azure Key Vault with enhanced security and audit capabilities.

AWS Secrets Manager Configuration

Region

Access Key ID

Secret Access Key

Certificates will be stored in AWS Secrets Manager with automatic encryption and access logging.

HashiCorp Vault Configuration

Vault URL

Vault Token

Mount Point

Engine Version

Certificates will be stored in HashiCorp Vault's KV secrets engine with versioning and audit capabilities.

Infisical Configuration

Site URL

Project ID

Client ID

Client Secret

Environment

Certificates will be stored in Infisical with end-to-end encryption and team collaboration features.

Test connection before saving settings

Enable Notifications

Send alerts for certificate events

To Addresses (comma-separated)

Weekly Digest

Summary email every Sunday at midnight (requires SMTP)

Enable Deploy Hooks

Run shell commands after certificate issuance or renewal

No executions yet

Time	Hook	Domain	Event	Status	Duration

Authentication is disabled

Anyone with network access can manage certificates and settings. Enable Local Authentication below and create an admin user to secure your instance.

Enable Local Authentication

Require username/password login for web access

Add New User

Username

Password

Email (optional)

Role

Existing Users

Loading users...

Expiration (optional)

API Key Created

Copy this token now. It will not be shown again.

Unified Backups (Recommended) Atomic

Loading unified backups...

Account Name *

Description (optional)

Set as default account

Edit Account

Account Name *

Description (optional)

Set as default account

Settings

Multi-Account Support Advanced

Single Account Providers Standard

Cloudflare Configuration

AWS Route53 Configuration

Azure DNS Configuration

Google Cloud DNS Configuration

PowerDNS Configuration

DigitalOcean DNS Configuration

Vultr DNS Configuration

Linode DNS Configuration

Gandi DNS Configuration

OVH DNS Configuration

Namecheap DNS Configuration

RFC2136 DNS Configuration

Hetzner DNS Configuration

Porkbun DNS Configuration

GoDaddy DNS Configuration

Hurricane Electric DNS Configuration

Dynu DNS Configuration

Let's Encrypt Configuration Free

DigiCert ACME Configuration Enterprise

Private CA Configuration Custom

Local Filesystem Storage

Azure Key Vault Configuration

AWS Secrets Manager Configuration

HashiCorp Vault Configuration

Infisical Configuration

Notification Settings

Deploy Hooks

User Management

Authentication is disabled

Add New User

Existing Users

API Keys

Create New API Key

API Key Created

Existing Keys

Backup & Restore

Create Backup

Backup Information

Existing Backups

Unified Backups (Recommended) Atomic

Add Account

Edit Account