Certd® is a free, fully automated certificate management system that ensures your website certificates never expire. The suffix 'd' is inspired by the naming convention of Linux daemons, representing a certificate daemon.
We pioneered the pipeline-based certificate application and deployment model, which has been "referenced" by multiple projects. Being copied is also a form of success.
Regarding certificate renewal:
- In fact, it's impossible to renew or reissue a certificate without modifying the certificate file itself.
- What we refer to as renewal is essentially applying for a new certificate following the full process and redeploying it.
- Free certificates expire in 90 days, which may be shortened in the future. Therefore, automated deployment is essential.
The number of pipelines is now unlimited. Welcome to use it.
This project not only supports automated certificate application but also automated certificate deployment and updates, ensuring your certificates never expire.
-
Fully automated certificate application (supports domains registered with all registrars and multiple domain verification methods such as DNS-01, HTTP-01, and CNAME proxy).
-
Fully automated certificate deployment and updates (currently supports deployment to over 70 plugins, including hosts, Alibaba Cloud, Tencent Cloud, etc.).
-
Supports wildcard domains/pan-domains, allows multiple domains in a single certificate, and supports various certificate formats such as pem, pfx, der, and jks.
-
Multiple notification methods, including email, webhook, WeChat Work, DingTalk, Lark, and anpush.
-
On-premises deployment, local data storage, simple and quick installation. Images are built by Github Actions, with a transparent process.
-
Multiple security measures, including authorization encryption, site hiding, 2FA, and password brute-force protection.
-
Supports multiple databases such as SQLite, PostgreSQL, and MySQL.
-
Open API support.
-
Site certificate monitoring.
-
Multi-user management.
-
Multi-language support (Chinese and English switching).
-
Downward compatibility across all versions, with one-click worry-free upgrades.
Visit the official demo site and register to experience it.
Note: Data will be cleaned up irregularly, and scheduled tasks may be stopped. For production use, please deploy it yourself. The content contains sensitive information. Make sure to deploy it locally for production use.
Just 3 steps to ensure your certificates never expire.
After successful addition, you can directly run the pipeline to apply for a certificate.
Normally, we need to deploy certificates to applications. Certd supports a wide range of deployment plugins. You can choose based on your needs, such as deploying to Nginx, Alibaba Cloud, Tencent Cloud, K8S, CDN, Baota, 1Panel, etc.
Here's a demonstration of deploying certificates to a host's Nginx:
If the current deployment plugins don't meet your needs, you can also download them manually and deploy them yourself.
↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓ -------> Click here to view detailed usage steps <-------- ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑
For more tutorials, please visit the official documentation certd.docmirror.cn.
Since certificates, authorization information, and other data are highly sensitive, please make sure to deploy them on-premises to ensure data security.
You can choose one of the following deployment methods based on your needs:
- 【Recommended】Docker Deployment
- 【Recommended】BT Panel Deployment
- 【Recommended】1Panel Deployment
- 【Recommended】Rainyun One-Click Deployment: Double your first recharge, only $2.2 per month.
- 【Not Recommended】Source Code Deployment
-
Domestic Image Addresses:
registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latestregistry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7,[version]-armv7
-
DockerHub Addresses:
https://hub.docker.com/r/greper/certdgreper/certd:latestgreper/certd:armv7,greper/certd:[version]-armv7
-
GitHub Packages Addresses:
ghcr.io/certd/certd:latestghcr.io/certd/certd:armv7,ghcr.io/certd/certd:[version]-armv7
-
Images are built automatically by
Actions, with a transparent process. Please use them with confidence.
Note:
- The certificates, authorization information, and other data stored in this application are highly sensitive. Please take appropriate security measures.
- Make sure to use the HTTPS protocol to access this application to avoid man-in-the-middle attacks.
- Make sure to use a web application firewall to protect this application from attacks such as XSS and SQL injection.
- Make sure to secure the server itself to prevent database leakage.
- Make sure to back up your data to avoid data loss.
- Click here for more production safety suggestions
SSL Assistant is a certificate deployment and management assistant client that runs on hosts. It supports automatic scanning of the host's Nginx configuration and pulling certificates from Certd for deployment. This tool is very useful when you don't want to expose your SSH host password.
Open-source Address: https://github.com/Youngxj/SSL-Assistant
Please visit the official documentation: https://certd.docmirror.cn/.
- Upgrade Method: Upgrade Guide
- Common Issues: Forgot Password
- Multi-Database: Multi-Database Configuration
- Site Security: Site Security Features
- Changelog: CHANGELOG
If you have any questions, feel free to join the group chat (please mention 'certd' in your message).
| Join Group | WeChat Group | QQ Group |
|---|---|---|
| QR Code |  |  |
You can also add the author as a friend.
| Add Author as Friend | WeChat QQ |
|---------|-------|-------|
| QR Code | 
|
Support open-source projects and contribute with love. I've joined Afdian. https://afdian.com/a/greper
Benefits of Contribution:
- Join the exclusive contributor group and get one-on-one technical support from the author.
- Your requests will be prioritized and implemented as professional edition features.
- Receive a one-year professional edition activation code.
Comparison of Professional Edition Privileges:
| Feature | Free Edition | Professional Edition |
|---|---|---|
| Free Certificate Application | Unlimited for free | Unlimited for free |
| Number of Domains | Unlimited | Unlimited |
| Number of Certificate Pipelines | Unlimited | Unlimited |
| Site Certificate Monitoring | Limited to 1 | Unlimited |
| Automatic Deployment Plugins | Most plugins such as Alibaba Cloud CDN, Tencent Cloud, QiNiu CDN, Host Deployment, Baota, 1Panel | Synology |
| Notifications | Email, Custom Webhook | Email without configuration, WeChat Work, DingTalk, Lark, anpush, ServerChan, etc. |
- For local development, please refer to the Plugin Contribution Guide.
- As a contributor, you agree that your contributed code is subject to the following license:
- The open-source license can be adjusted to be more or less restrictive.
- It can be used for commercial purposes.
Thank you to the following contributors.
- This project follows the GNU Affero General Public License (AGPL).
- Individuals and companies are allowed to use, copy, modify, and distribute this project freely for internal use. Any form of commercial use is prohibited without obtaining commercial authorization.
- Without commercial authorization, any modification of the logo, copyright information, and license-related code is prohibited.
- For commercial authorization, please contact the author.
| Project Name | Stars | Project Description |
|---|---|---|
| fast-crud |  | A fast CRUD development framework based on Vue3. |
| dev-sidecar |  | A tool to access GitHub directly without a VPN, solving the problem of inaccessible GitHub. |
