🔒 Certificate Lifecycle

Automated certificate lifecycle — from issuance to rotation

CertLocker owns the full cert lifecycle. Issue, track, renew, rotate, and revoke certificates automatically. No spreadsheets. No calendar reminders. No 3am incidents.

Every certificate — name, domain, group, status, and expiry — searchable in one place.

Why certs expire in production

Manual tracking doesn't scale

A spreadsheet with 10 certs is manageable. At 50 certs across multiple environments, something always falls through. At 200+, it's guaranteed to fail.

Calendar reminders get ignored or deleted

The person who set the reminder left the company. The renewal got pushed to "next sprint." The cert expired over a holiday weekend.

Delivery is a separate manual step

Even when someone remembers to renew, the new cert still has to land on the right server. Missing that step means the renewal accomplished nothing.

How CertLocker handles the lifecycle

1. Issue

Request a cert from your CA (Let's Encrypt, internal CA, or commercial). CertLocker handles ACME challenges and stores the result securely.

2. Track

Every cert in your infrastructure is monitored. Expiry dates, assigned targets, rotation history — all visible in one dashboard.

3. Renew

Renewal triggers automatically 30 days before expiry. No human required. The new cert is issued and queued for delivery.

4. Deliver

The renewed cert is pushed to — or pulled by — every target that uses it. Services reload. Done.

Key capabilities

🔐 Certificate-scoped access keys

Each machine that needs to fetch a certificate gets a unique access token scoped to that specific cert. A compromised node can never access other certs in your account. This is the foundation of our security model.

📋 Immutable audit log

Every issuance, renewal, delivery, and revocation is logged with a timestamp, actor, and target. Useful for post-incident review and compliance reporting.

🔔 Expiry alerting

Even with automated renewal, you want to know what's happening. CertLocker sends alerts at 30, 14, and 7 days for any cert that hasn't successfully renewed — before it becomes an incident.

🌟 CA-agnostic

Use Let's Encrypt, your internal CA, ZeroSSL, or any ACME-compatible authority. CertLocker isn't a CA — it's the management layer that works with whatever authority you trust.

Stop managing certs manually

CertLocker handles the entire lifecycle. You get the dashboard and the alerts.