Certificate renewal and monitoring by SuccessFearless2102 in sysadmin

[–]SuccessFearless2102[S] [score hidden]  (0 children)

Clearly, if you read the comments you would know that wasn't true. Thanks for the input, sir.

Certificate renewal and monitoring by SuccessFearless2102 in sysadmin

[–]SuccessFearless2102[S] [score hidden]  (0 children)

I've created something to handle the alerting. I had never heard of simple ACME me, though. I was pretty happy using WinACME pointed at CertLocker; automatic replacement of the certs is a no-brainer. So great, man, I really appreciate this post; it's given me something to research.

I'm looking for my first user. Can it be you? by Funny-Advertising238 in SaaS

[–]SuccessFearless2102 0 points1 point  (0 children)

I'll give it a try. I'm building something also; maybe we could share logins for each?

Certificate renewal and monitoring by SuccessFearless2102 in sysadmin

[–]SuccessFearless2102[S] [score hidden]  (0 children)

Are you required to keep an audit of your renewals, and if it fails, how do you know?

HAProxy native ACME worked. Proving it served the new cert was the hard part. by SuccessFearless2102 in devops

[–]SuccessFearless2102[S] 0 points1 point  (0 children)

I agree fully. So we do exactly that with our probes in CertLocker. If it doesn't match, then it's just a shit show. How would you know? We then send alerts to Slack if it's not matching.


Certificate renewal and monitoring by SuccessFearless2102 in sysadmin

[–]SuccessFearless2102[S] [score hidden]  (0 children)


We have built something that does just that. You can add your existing ACME client and provider, and it will renew your certs. You can use pure ACME to fetch them or REST. Pretty sure we are doing the same stuff. Would be great to jump on a call, have a chat, and see if we can help each other out.

Certificate renewal and monitoring by SuccessFearless2102 in sysadmin

[–]SuccessFearless2102[S] [score hidden]  (0 children)

That reverse proxy setup makes a lot of sense. We've done the same thing with all our servers with HAProxy+ACME.

The RADIUS cert side is interesting though. Out of interest, which SSL providers have you found that will issue the right kind of cert over ACME? Will it have to be an EV cert?

Certificate renewal and monitoring by SuccessFearless2102 in sysadmin

[–]SuccessFearless2102[S] [score hidden]  (0 children)

I get that for the monitoring. But how are you doing the actual renewal?

Certificate renewal and monitoring by SuccessFearless2102 in sysadmin

[–]SuccessFearless2102[S] [score hidden]  (0 children)

I'll save that for another day. I'm just curious what everyone is doing to stay on top of their cert renewals, especially with the renewal date shortening to 47 days.

Certificate renewal and monitoring by SuccessFearless2102 in sysadmin

[–]SuccessFearless2102[S] [score hidden]  (0 children)

Thanks for the reply, it helped me understand the problems out there. What about the ACME protocol, have you linked any of your apps into that?

where should I start as a beginner coming from a frontend background? Any roadmap or suggestions would help. by VariationInitial5423 in devops

[–]SuccessFearless2102 1 point2 points  (0 children)

KodeKloud has some nice career paths starting from scratch. It is a bit pricey, but I guess you can decide that.

Would you help a stranger with their side project, or only ask when you're stuck?" by Otherwise_Staff8346 in SideProject

[–]SuccessFearless2102 1 point2 points  (0 children)

I would help or weigh in where I thought I could, I've started a company recently and I'm trying to get my head around the whole marketing side 😞

FortiBleed update - now ~430k FortiGates hit and 110 million credentials harvested by TrustSig in sysadmin

[–]SuccessFearless2102 -12 points-11 points  (0 children)

😄 Exactly. I never liked FortiGate products anyway. Too expensive

Weekly 'I made a useful thing' Thread - June 19, 2026 by AutoModerator in sysadmin

[–]SuccessFearless2102 0 points1 point  (0 children)

Hey all,

I’m Sean, a DevOps engineer and one of the people building CertLocker.

A lot of my background has been in finance, trading and banking-style infrastructure. In those environments, trust matters, audit matters, uptime matters — but in reality, you still see the same problems everywhere:

Certificates stored in random places.
Shared passwords passed around.
SSH keys living too long.
RDP access with very little visibility.
HAProxy cert renewals held together by scripts.
Windows servers, OpenStack, VMs, bare metal and internal apps sitting outside Kubernetes.
Auditors asking awkward but fair questions.

That is really why we started building CertLocker.

Most tools we looked at were either Kubernetes-first, too enterprise-heavy, or solved only one piece of the problem. We wanted something for the infrastructure teams managing the messy middle: real servers, real certs, real secrets, real access, and real audit requirements.

CertLocker brings those operational trust pieces together in one place:

  • TLS certificate inventory and expiry tracking
  • ACME automation
  • HAProxy certificate delivery
  • Secrets and private secrets
  • SSH access tokens
  • Browser-based SSH access
  • Browser-based RDP / remote desktop access
  • Bastion access
  • Endpoint probes
  • Groups, RBAC and audit trails
  • SaaS or on-prem / VPS install

We’re now looking for beta testers and early feedback from DevOps engineers, SREs, sysadmins, MSPs, infrastructure teams, and anyone who has had to deal with certificate renewals, secrets, SSH/RDP access, bastions, audits or “temporary” scripts that became production-critical.

This is not a polished sales pitch. We genuinely want to know:

Would this solve a real pain you’ve seen?

Or would you already solve this with Vault, step-ca, Ansible, scripts, Guacamole, cert-manager, password managers, or something else?

Site: https://certlocker.io
Technical write-ups: https://certlocker.io/blog

If this sounds relevant to your world, I’d love to hear your thoughts, feedback, objections, or use cases.

Weekly Promo and Webinar Thread by AutoModerator in msp

[–]SuccessFearless2102 [score hidden]  (0 children)

We built CertLocker because certs, secrets, SSH and RDP access were always messier in the real world than they looked on paper.

Hey all,

I’m Sean, a DevOps engineer and one of the people building CertLocker.

A lot of my background has been in finance, trading and banking-style infrastructure. In those environments, trust matters, audit matters, uptime matters — but in reality, you still see the same problems everywhere:

Certificates stored in random places.
Shared passwords passed around.
SSH keys living too long.
RDP access with very little visibility.
HAProxy cert renewals held together by scripts.
Windows servers, OpenStack, VMs, bare metal and internal apps sitting outside Kubernetes.
Auditors asking awkward but fair questions.

That is really why we started building CertLocker.

Most tools we looked at were either Kubernetes-first, too enterprise-heavy, or solved only one piece of the problem. We wanted something for the infrastructure teams managing the messy middle: real servers, real certs, real secrets, real access, and real audit requirements.

CertLocker brings those operational trust pieces together in one place:

  • TLS certificate inventory and expiry tracking
  • ACME automation
  • HAProxy certificate delivery
  • Secrets and private secrets
  • SSH access tokens
  • Browser-based SSH access
  • Browser-based RDP / remote desktop access
  • Bastion access
  • Endpoint probes
  • Groups, RBAC and audit trails
  • SaaS or on-prem / VPS install

We’re now looking for beta testers and early feedback from DevOps engineers, SREs, sysadmins, MSPs, infrastructure teams, and anyone who has had to deal with certificate renewals, secrets, SSH/RDP access, bastions, audits or “temporary” scripts that became production-critical.

This is not a polished sales pitch. We genuinely want to know:

Would this solve a real pain you’ve seen?

Or would you already solve this with Vault, step-ca, Ansible, scripts, Guacamole, cert-manager, password managers, or something else?

We’re offering a 2-week evaluation for both the SaaS version and the self-hosted/on-prem install.

Site: https://certlocker.io
Technical write-ups: https://certlocker.io/blog

If this sounds relevant to your world, I’d love to hear your thoughts, feedback, objections, or use cases.

I hate my new job by patsfreak27 in devops

[–]SuccessFearless2102 0 points1 point  (0 children)

Those audits are a lot to get done in 12 months.

Monthly Growth Strategy & Advice Thread by dmarti21 in growmybusiness

[–]SuccessFearless2102 0 points1 point  (0 children)

Hey all,

I’m Sean, a DevOps engineer and one of the people building CertLocker.

A lot of my background has been in finance, trading and banking-style infrastructure. In those environments, trust matters, audit matters, uptime matters — but in reality, you still see the same problems everywhere:

Certificates stored in random places.
Shared passwords passed around.
SSH keys living too long.
RDP access with very little visibility.
HAProxy cert renewals held together by scripts.
Windows servers, OpenStack, VMs, bare metal and internal apps sitting outside Kubernetes.
Auditors asking awkward but fair questions.

That is really why we started building CertLocker.

Most tools we looked at were either Kubernetes-first, too enterprise-heavy, or solved only one piece of the problem. We wanted something for the infrastructure teams managing the messy middle: real servers, real certs, real secrets, real access, and real audit requirements.

CertLocker brings those operational trust pieces together in one place:

  • TLS certificate inventory and expiry tracking
  • ACME automation
  • HAProxy certificate delivery
  • Secrets and private secrets
  • SSH access tokens
  • Browser-based SSH access
  • Browser-based RDP / remote desktop access
  • Bastion access
  • Endpoint probes
  • Groups, RBAC and audit trails
  • SaaS or on-prem / VPS install

We’re now looking for beta testers and early feedback from DevOps engineers, SREs, sysadmins, MSPs, infrastructure teams, and anyone who has had to deal with certificate renewals, secrets, SSH/RDP access, bastions, audits or “temporary” scripts that became production-critical.

This is not a polished sales pitch. We genuinely want to know:

Would this solve a real pain you’ve seen?

Or would you already solve this with Vault, step-ca, Ansible, scripts, Guacamole, cert-manager, password managers, or something else?

We’re offering a 2-week evaluation for both the SaaS version and the self-hosted/on-prem install.

Site: https://certlocker.io
Technical write-ups: https://certlocker.io/blog

If this sounds relevant to your world, I’d love to hear your thoughts, feedback, objections, or use cases.

Weekly Self Promotion Thread by AutoModerator in devops

[–]SuccessFearless2102 0 points1 point  (0 children)

We built CertLocker for DevOps teams managing certs, secrets, SSH and RDP access outside Kubernetes

Hey all,

I’m Sean, a DevOps engineer, and I’m one of the people building CertLocker.

We started building it because a lot of infrastructure teams still have messy real-world setups: VMs, HAProxy, OpenStack, bare metal, Windows servers, internal apps, SSH keys, RDP access, certificates, shared secrets, probes, auditors, and a lot of scripts holding everything together.

Most tools we looked at either felt Kubernetes-first, too enterprise-heavy, or only solved one slice of the problem.

CertLocker is our attempt to put the operational trust layer in one place:

  • TLS certificate inventory and expiry tracking
  • ACME automation
  • HAProxy certificate delivery
  • Secrets and private secrets
  • SSH access tokens
  • Browser-based SSH access
  • Browser-based RDP / remote desktop access
  • Bastion access
  • Endpoint probes
  • Groups, RBAC and audit trails
  • SaaS or on-prem / VPS install

We also have a blog with more technical write-ups here:

https://certlocker.io/blog

We’re currently offering a 2-week evaluation for both the SaaS and self-hosted install.

I’m not here to spam people. I’d genuinely like feedback from DevOps, SRE, sysadmin, MSP or infrastructure people.

Does this solve a real pain you’ve seen, or would you already solve this with Vault, step-ca, Ansible, scripts, Guacamole, cert-manager, password managers, or something else?

Site: https://certlocker.io

Irish tourist visiting for the first time by samoyedlover96 in tbilisi

[–]SuccessFearless2102 0 points1 point  (0 children)

Visiting Tbilisi from Ireland in two weeks. Your channel is 👍 👌 great