Curated topics
The things that are easy to get wrong.
Hand-written explainers — no AI-generated filler. Each piece is grounded in the CertMate source and cites the doc it draws from. The first cuts are landing progressively; the full catalogue below tells you what to expect.
- What CertMate is (and isn't)
Overview, scope, head-to-head against certbot / Caddy / Traefik / Vault. Includes 'when CertMate is overkill'.
- From zero to your first SSL certificate in 15 minutes
Real commands — Docker boot, Cloudflare token, wildcard issuance, auto-renew, deploy hook. No theory.
- ACME DNS-01 challenge, end to end
Wire-level walkthrough of the validation dance, the four failure modes everyone hits, what CertMate automates.
- Free wildcard certificates with Let's Encrypt
What the wildcard does and doesn't cover, why DNS-01 is mandatory, the apex+wildcard SAN pattern, security implications.
- CNAME delegation for cross-provider validation
Keep production DNS where it is; delegate ACME validation to a separate zone with narrow credentials.
- Multi-account DNS — prod / staging / DR on one CertMate
Hold many DNS credentials per provider, pin certs to the right account, migrate without downtime.
- Deploy hooks: from renewed cert to live edge
The 5-field hook contract, the env vars CertMate guarantees, five recipes that actually work, security model.
- Auto-renewal and key rotation — the long game
The scheduler's renewal arithmetic, key rotation as a side-effect of renewal, the four failure modes that happen for real.
- Audit log and compliance — what's recorded, what an auditor wants
JSON audit schema, queryable patterns, retention + SIEM wiring. The contract behind 'who renewed cert X on date Y'.
Want one of these next? Open an issue on the agent repo and tell me which one you'd read first.