CertAutoPilot Documentation
CertAutoPilot is a self-hosted certificate lifecycle platform — issuance, renewal, and distribution — supporting ACME CAs (Let's Encrypt, Sectigo, any EAB-bound CA) and Microsoft AD CS (via CES/CEP).
Where to start
- New to CertAutoPilot? Follow the Getting Started guide to install, issue your first certificate, and distribute it to a target.
- Exploring the app? The Web UI Guide walks through every page of the interface step by step.
- Deploying to production? See Deployment for standalone, multi-VM, Docker, Helm, and HA topologies.
Core areas
| Area | What you'll find |
|---|---|
| Certificates | Issuance, renewal, reissue, revoke, download, risk scoring, policies |
| CA Providers | ACME accounts, Microsoft AD CS, EAB-bound CAs |
| DNS | 14 DNS providers for DNS-01 validation, zones, propagation settings |
| Distribution | 11 target modules — SSH, Kubernetes, IIS, WinRM, F5, NetScaler, Vault, AWS ACM, and more |
| Discovery | Network certificate scanning, inventory, findings, PQC readiness |
| Notifications | Email, Slack, Teams channels with event-based rules |
| Security & Access | RBAC, programmatic access, LDAP, 2FA, approval workflows, audit |
| Encryption & HSM | Envelope encryption, KEK rotation, PKCS#11 |
| Administration | Settings, licensing, clustering, system health |
| Reference | CLI, API, configuration, job types, error codes |
| Operations | Runbook, observability, troubleshooting |