100% Automated Certificate Provisioning with DNS Approval

When SSLMate launched a year ago, it transformed certificate purchasing from a complicated, multi-step, and highly manual process into a single, easy command. This was a momentous improvement which enabled new possibilities for automating SSL certificate management. But there was one step that was still manual: to prove you were authorized to obtain a certificate, you had to respond to an email sent to an administrative address at your domain. SSLMate is excited to announce that this is no longer the case. With SSLMate 1.0.0, released yesterday, it is now possible to approve a certificate by publishing a DNS record under your domain, enabling 100% automated certificate provisioning and renewal.

Using DNS approval is easy. Just pass the --approval=dns command line option to sslmate buy. sslmate buy will print out the DNS record that you must publish under your domain. Once you've added the DNS record, the certificate will be issued without you having to respond to an email. Although adding the DNS record is manual, the DNS record does not change when the certificate renews, so as long as you leave your DNS record in place, renewal will be 100% automatic.

SSLMate can also automate the addition of the DNS record via a supported DNS backend, making not only renewals, but initial purchases as well, 100% automated. If you use a provisioning system to provision websites, you can now call out to SSLMate to get a certificate in 60 seconds, with zero human interaction required. SSLMate 1.0.0 ships with support for Amazon Route 53. All you need to do to use it is place your AWS credentials in their standard location at ~/.aws/credentials, and then pass the --approval=dns command line option to sslmate buy.
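
An unattended provisioning job that uses the Route 53 backend depends on an AWS key stored on disk, so it is worth checking that file before each purchase. The following is an added example, not code from SSLMate: the function names and return codes are hypothetical, and it assumes sslmate buy takes the hostname as its argument the same way sslmate edit does.

```shell
#!/bin/sh
# Added example: preflight checks before a provisioning job runs
# `sslmate buy --approval=dns`. Function names and return codes are
# hypothetical and are not part of SSLMate.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_aws_credentials FILE
# Returns 0 if FILE is usable and private, otherwise:
#   1 = missing or not a regular file
#   2 = accessible by group or others
#   3 = access key id or secret access key not present
check_aws_credentials() {
    cred_file=$1
    [ -f "$cred_file" ] || return 1
    mode=$(file_mode "$cred_file") || return 1
    # The last two octal digits are the group and other permissions.
    case $mode in
        *00) ;;
        *) return 2 ;;
    esac
    grep -Eq '^[[:space:]]*aws_access_key_id[[:space:]]*=' "$cred_file" || return 3
    grep -Eq '^[[:space:]]*aws_secret_access_key[[:space:]]*=' "$cred_file" || return 3
    return 0
}

# provision_cert HOSTNAME [CREDENTIALS_FILE]
# Refuses to call sslmate unless the credentials file passes the checks.
provision_cert() {
    host=$1
    cred_file=${2:-"$HOME/.aws/credentials"}
    check_aws_credentials "$cred_file" || {
        rc=$?
        echo "refusing to buy $host: credentials check failed ($rc)" >&2
        return "$rc"
    }
    # Assumed invocation: hostname first, as in `sslmate edit HOSTNAME`.
    sslmate buy "$host" --approval=dns
}
```

Source the file from the provisioning script and call provision_cert with the hostname; a non-zero return means sslmate was never invoked.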

If you already have certificates from SSLMate, you can set them up with DNS approval by running sslmate edit HOSTNAME --approval=dns.

These are only the simple cases, which SSLMate has made extremely easy. DNS approval has a powerful interior, with advanced configuration options and a plugin interface to add support for additional DNS backends. Check out the DNS approval documentation for details.

Stay Tuned for More Automation

Route 53 is only the beginning - support is planned for many more DNS backends. In addition, SSLMate is developing HTTP-based approval, which will allow the approval of certificates by serving a text file from your web server, providing yet more flexibility in the automation of SSL certificates. If you want to take part in the HTTP approval beta, get in touch.

SSLMate 1.0.0

This is the second in a series of posts about the new features found in the recently-released SSLMate 1.0.0. To upgrade to SSLMate 1.0.0, head over to our install page or our GitHub repository. If you've installed through APT or Yum, upgrading is as simple as running apt-get update && apt-get upgrade or yum update.