Documentation
aethercert has no phone or email support queue - everything you need to run it is on this page and the ones linked below. If a step here doesn't match what you see in the dashboard, something is out of date and worth reporting.
New here?
Getting started walks through the whole path: create an account, install an agent, add a domain, and issue your first certificate.
How aethercert fits together
- Agents are a small binary you install on each server. They poll aethercert for work - no inbound connection to your infrastructure is ever needed.
- Domains are verified once via a DNS TXT record, then optionally connected to a DNS provider so DNS-01 challenges can be solved automatically.
- Certificate authorities define where certificates come from - Let's Encrypt, another public ACME CA, or your own internal CA.
- Certificates tie a common name, a CA, and a deploy target together, and are issued to either a single agent or an agent group.
Concepts
Getting startedSign up, install an agent, and issue your first certificate.AgentsInstalling, updating, and running the aethercert agent.Agent groupsTarget one certificate at a fleet of servers.Domains & DNS-01Verifying ownership and automating DNS-01 challenges.Certificate authoritiesPublic ACME CAs, EAB keys, and internal/private CAs.Deploy targetsWindows, Linux, and third-party deployment.FAQ & troubleshootingAnswers to common questions and job failures.
Guides
Add Google Trust ServicesStep by step: EAB keys and connecting the CA.Add ZeroSSLStep by step: EAB keys and connecting the CA.Add SSL.comStep by step: EAB keys and connecting the CA.Add ActalisStep by step: EAB keys and connecting the CA.Connect an internal/private CAPoint aethercert at your own ACME or REST-based CA.Automate DNS-01 with CloudflareCreate a scoped API token and connect it.Automate DNS-01 with Route 53Create an IAM policy and connect it.Automate DNS-01 with DigitalOceanCreate a personal access token and connect it.Automate DNS-01 with HetznerCreate an API token and connect it.