What's included

Simple, Professional and Powerful Automated Certificate Management

Install on your server, select the domains you need and let Certify The Web handle requesting, deploying and renewing your SSL/TLS certificates automatically — for one server or several thousand.

Features described here apply to v6.0 or higher.

Easy Setup

Install on any supported version of Windows Server and start managing certificates in minutes.

Set-and-Forget Auto-Renewal

Simple certificate requests, authorization, deployment and auto-renewal with early warnings if renewal fails.

Built for IIS & Windows

Ideal for Windows Servers running IIS, but fully usable with any other service that uses certificates.

Any Scale

Manage one certificate or several thousand across your organization from a single interface.

All Certificate Types

Single domain, multi-domain (SAN) or wildcard certificates — including IP address certificates.

Any ACME Certificate Authority

Works with Let’s Encrypt and any public or private CA that supports ACME v2.

Deployment Tasks

Zero-scripting automation for Exchange, RDS, Apache, nginx, Tomcat, Azure Key Vault, SSH/SFTP and more.

DNS Validation & Wildcards

Over 36 DNS provider integrations including Cloudflare, AWS Route53, Azure DNS and GoDaddy.

Modern ACME & Scalable Storage

Supports ARI, ACME Profiles and optional SQL Server or PostgreSQL data stores for large-scale management.

How it works

How Certificate Automation Works

Services use DV certificates to prove they’re genuine and to encrypt communications. Certificate Authorities require you to regularly prove control of your domains.

Services associated with a domain (websites, mail servers, remote access etc.) use DV (Domain Validated) certificates to prove the service is genuine and to encrypt communication between the end-user and the server.

Certificate Automation works by requiring you to regularly prove control of your domains to a Certificate Authority, such as Let’s Encrypt, which then issues a new certificate for your domain with a short expiry date.

Managing Certificates

Full Control Over Your Certificates

Flexible domain management, detailed renewal previews and your choice of Certificate Authority.

Simple, Powerful Management

Get a clear overview of all your managed certificates at a glance. The app guides you through setup, renewal and deployment with a clean and intuitive interface.

  • Detailed preview of the certificate request process and planned deployment steps
  • Status at a glance with zero-config renewal failure notifications
  • Licensed installs can report to your centralized dashboard for multi-server monitoring

Manage Certificate Domains

Each certificate may cover multiple domains. Easily add or remove domains and auto-populate the list from existing website bindings (e.g. IIS).

Depending on the Certificate Authority you choose, your certificate can include a single domain, multiple domains (SAN) or domain wildcards (e.g. *.certifytheweb.com) to cover multiple sites or services.

Your Choice of Certificate Authorities

The most common automated Certificate Authority is Let’s Encrypt, a free CA (letsencrypt.org). You can also choose from other ACME CAs such as BuyPass Go SSL, DigiCert or a custom CA (such as smallstep or Keyon true-Xtender).

Each Managed Certificate can use a different Certificate Authority and you can mix Production and Staging (Test) certificates.

Domain Validation

Multiple Ways to Validate Your Domain

Certificate Authorities require you to prove you control the domain you’re requesting a certificate for. This complex process is handled automatically.

Automated DNS Challenge Response

Certify The Web supports over 36 different DNS APIs and automation methods, including acme-dns and custom scripting. Popular DNS providers include Cloudflare, AWS Route53, Azure DNS and GoDaddy.

If you require a wildcard certificate, most Certificate Authorities require DNS-based domain validation.

Automated HTTP Challenge Response

Our built-in dynamic HTTP challenge server serves challenge responses to the Certificate Authority (via port 80) without requiring HTTP bindings on your website and without interrupting normal traffic.

When port 80 is in use by a non-http.sys based service (such as Apache httpd) you can fall back to serving challenge responses via your web server. Validation methods can be mixed within a single certificate order as required.

Deployment

Powerful Deployment Options

Whether you need simple auto-deployment to IIS or advanced deployment to other services and remote servers, Certify The Web has you covered.

Automated Deployment

Let the app auto-renew certificates and automatically deploy them to the services that use them. The default Auto Deployment applies your certificate to applicable IIS websites, or you can use Deployment Tasks to apply certificates to a range of other services.

Deployment Tasks

Deployment Tasks are a powerful way to make use of the certificates you manage. Deploy and use your certificate in an unlimited number of ways:

  • MS Exchange, Remote Desktop Services
  • Microsoft Azure Key Vault
  • Central Certificate Store (CCS) via local or UNC paths
  • Apache, nginx, Tomcat and other services using PEM/CRT/chain files
  • SFTP and SSH support
  • Custom PowerShell or Linux shell scripts

Preview Renewals Before They Run

The Preview tab shows the planned actions for the next certificate request or automatic renewal, including:

  • Domains to be included in the certificate
  • How domain validation will occur
  • Automated IIS website bindings to be applied
  • All configured Deployment Tasks

More Features

Dark Mode & More

Dark Mode

And last but not least, there’s Dark Mode — the easy on the eye, and arguably much cooler, alternative to Light mode.

Many other advanced features help your organization work with certificates at scale, including STIR/SHAKEN certificate support for Secure Telephone Identity, optional SQL Server or PostgreSQL data stores for large-scale deployments, and modern ACME features such as Automated Renewal Information (ARI) and ACME Profiles.

Get Started in Minutes

The free Community Edition is intended for evaluation and manages up to 5 certificates per server. Purchase a license key to manage many certificates and gain access to our support email helpdesk. Check out the documentation to explore all features.

System requirements: Windows 64-bit, OS must be supported for .NET 10 (no extra .NET install is required).

Let’s Encrypt certificates expire every 90 days — auto-renewal is enabled by default.