This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
SSL certificates expire. When they do, your site goes down and your phone rings at 2am. CertKit fixes that. It issues certificates from Let's Encrypt, deploys them to your servers with the CertKit Agent, and verifies the right certificate is actually running on every system. One setup, no per-server configuration, no cron jobs. Works with Windows, Linux, Apache, Nginx, IIS, and more. Free 90-day trial, no credit card.
We've been working in web infrastructure for a long time, and certificates have always been the thing that bites you when you least expect it. Not because they're hard, but because they require someone to remember, someone to act, and then someone to verify it actually worked. That chain breaks constantly.
For a long time, a lot of us just did it manually. Buy a cert, copy it to every server that needed it, set a calendar reminder for 11 months later. That worked well enough when certificates lasted a year. It's not going to work when lifetimes drop to 47 days, which is where things are heading.
Certbot solved the issuance problem really well. If you have a Linux server and a public-facing domain, Certbot renewals are enough. But the limitation is that ACME has to run on every machine. Every machine is open to the internet or making DNS changes. And Certbot doesn't handle distribution or monitoring at all. How do you push one certificate to a 3 server web farm? "Just write a script", great thanks.
CertKit starts from a different place. ACME is handled centrally in one place. Certificates are pushed to your servers with a small agent. One dashboard showing every certificate across your infrastructure, what's deployed where, and whether the right cert is actually running based on the thumbprint we check externally.
I also wanted to get the security model right. Most tools ask for DNS API credentials to handle validation. CertKit uses a delegated CNAME record instead. You set it up once and we never need access to your DNS provider again. Here's a full rundown on how it works.
I've been running this in beta with a few hundred companies for the past year. We keep expanding our integration capability, but once its deployed, our users dont think about certificates again. That's exactly what I was going for. We're thrilled to launch out of our beta today.
CertKit was submitted on Product Hunt and earned 2 upvotes and 1 comments, placing #93 on the daily leaderboard. SSL certificates expire. When they do, your site goes down and your phone rings at 2am. CertKit fixes that. It issues certificates from Let's Encrypt, deploys them to your servers with the CertKit Agent, and verifies the right certificate is actually running on every system. One setup, no per-server configuration, no cron jobs. Works with Windows, Linux, Apache, Nginx, IIS, and more. Free 90-day trial, no credit card.
CertKit was featured in SaaS (41.6k followers), Developer Tools (511.1k followers) and Security (2.6k followers) on Product Hunt. Together, these topics include over 110.4k products, making this a competitive space to launch in.
Who hunted CertKit?
CertKit was hunted by Todd H. Gardner. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
Want to see how CertKit stacked up against nearby launches in real time? Check out the live launch dashboard for upvote speed charts, proximity comparisons, and more analytics.
Todd H. Gardner
We've been working in web infrastructure for a long time, and certificates have always been the thing that bites you when you least expect it. Not because they're hard, but because they require someone to remember, someone to act, and then someone to verify it actually worked. That chain breaks constantly.
For a long time, a lot of us just did it manually. Buy a cert, copy it to every server that needed it, set a calendar reminder for 11 months later. That worked well enough when certificates lasted a year. It's not going to work when lifetimes drop to 47 days, which is where things are heading.
Certbot solved the issuance problem really well. If you have a Linux server and a public-facing domain, Certbot renewals are enough. But the limitation is that ACME has to run on every machine. Every machine is open to the internet or making DNS changes. And Certbot doesn't handle distribution or monitoring at all. How do you push one certificate to a 3 server web farm? "Just write a script", great thanks.
CertKit starts from a different place. ACME is handled centrally in one place. Certificates are pushed to your servers with a small agent. One dashboard showing every certificate across your infrastructure, what's deployed where, and whether the right cert is actually running based on the thumbprint we check externally.
I also wanted to get the security model right. Most tools ask for DNS API credentials to handle validation. CertKit uses a delegated CNAME record instead. You set it up once and we never need access to your DNS provider again. Here's a full rundown on how it works.
I've been running this in beta with a few hundred companies for the past year. We keep expanding our integration capability, but once its deployed, our users dont think about certificates again. That's exactly what I was going for. We're thrilled to launch out of our beta today.
Happy to answer any questions.