Enable blog

Author: webprofusion-chrisc

blog/2024-12-08-acme-clients.md

@@ -0,0 +1,108 @@
+---
+title: Comparing ACME Clients for Windows
+description: A detailed comparison of popular ACME clients and how they stack up against Certify The Web.
+slug: comparing-acme-clients
+authors: webprofusion-chrisc
+tags: [acme, certificate management, security]
+image: https://certifytheweb.com/images/management/summary.png
+hide_table_of_contents: false
+---
+
+In the world of SSL/TLS certificate management, [ACME clients](https://acmeclients.com) play a crucial role in automating the issuance and renewal of certificates. Today, we will compare some of the most popular ACME clients, with an emphasis on Windows support: win-acme, Posh-ACME, Certbot, and Certify The Web (Certify Certificate Manager). Each of these clients has its own unique features and strengths, making them suitable for different use cases.
+
+<!-- truncate -->
+
+## Posh-ACME
+
+### Overview
+Posh-ACME is a PowerShell module for managing ACME certificates. It is highly scriptable and ideal for users who prefer working with PowerShell.
+
+### Key Features
+- **PowerShell Integration**: Leverages PowerShell for automation and scripting.
+- **Flexible Validation**: Supports custom challenge validation via your own scripting.
+- **Customizable**: Highly customizable through PowerShell scripts, allowing for complex automation scenarios.
+- **Cross-Platform**: Can be used on Windows, macOS, and Linux.
+
+#### Pros
+- Highly scriptable and customizable.
+- Cross-platform support.
+- Integrates well with existing PowerShell workflows.
+
+#### Cons
+- Requires familiarity with PowerShell.
+- May have a steeper learning curve for non-PowerShell users.
+
+## win-acme
+
+### Overview
+win-acme is a simple and powerful ACME client for Windows. It is designed to be easy to use and integrates well with IIS. Originally called letsencrypt-win-simple
+
+### Key Features
+- **Simplicity**: win-acme is great if you have a few certificates to manage and don't want a full UI or extensive features.
+- **Ease of Use**: win-acme provides a straightforward command-line interface and a user-friendly interactive mode.
+- **IIS Integration**: Integrates with IIS, making it easy to manage certificates for IIS websites.
+- **Pluggable Validation**: Supports various validation methods, including HTTP-01, DNS-01, and TLS-ALPN-01.
+- **Scheduled Renewals**: Automatically schedules certificate renewals using a Windows Scheduled Task, ensuring your certificates are always up-to-date.
+
+#### Pros
+- Simple interface.
+- Excellent integration with IIS.
+- Supports multiple validation methods.
+
+#### Cons
+- The main developer of win-acme has moved on to simple-acme, making win-acme deprecated. Existing users are encouraged to check out https://simple-acme.com
+- Deployment limited to IIS or custom scripts.
+
+
+## Certbot
+
+### Overview
+Certbot is one of the most widely used ACME clients, developed by the Electronic Frontier Foundation (EFF). It is known for its robustness and extensive documentation.
+
+### Key Features
+- **Wide Compatibility**: Supports a wide range of web servers and operating systems.
+- **Automated Renewals**: Automatically renews certificates and updates web server configurations (Apache and nginx).
+- **Pluggable Validation**: Supports HTTP-01 and DNS-01 validation methods.
+
+#### Pros
+- Popular on Linux.
+- Supports a wide range of environments (via snap install).
+- Strong community support.
+
+#### Cons
+- No longer supported on Windows. 
+- Zero IIS integration.
+- Command-line interface may be less user-friendly for beginners.
+- Requires manual configuration for some web servers.
+
+## Certify The Web
+
+### Overview
+Certify The Web is a comprehensive ACME client designed for Windows. It provides a graphical user interface (GUI) and integrates seamlessly with IIS and includes built in Deployment Task support for various web servers and services. It also includes a centralized dashboard option, commercial support and multi-instance management via the upcoming **Certify Management Hub** product.
+
+![Certify Management Hub](https://certifytheweb.com/images/screens/landing_page.png)
+
+### Key Features
+- **User-Friendly GUI**: Intuitive graphical interface for managing certificates.
+- **IIS and Beyond**: Supports IIS, Apache, Nginx, and other web servers.
+- **Automated Renewals**: Automatically renews certificates and updates web server configurations.
+- **DNS Validation**: Supports DNS-01 validation with many DNS providers. Certify even includes many providers from the Posh-ACME project.
+- **Advanced Features**: Includes features like deployment tasks, scripting, and reporting.
+- **Dashboard and Status Reporting**: Includes unique zero-config status reporting ensuring you are notified of renewal failures before they become a real problem.
+
+#### Pros
+- Easy-to-use graphical interface.
+- Supports a wide range of web servers and validation methods.
+- Advanced features for complex scenarios.
+- Used by hundreds of thousands of organizations around the world.
+- Commercial support available by purchasing a license key.
+
+#### Cons
+- Currently limited to Windows environments, but a new web based Certify Management Hub app will be available soon.
+- Command line options are more limited that other command line native apps
+
+## Conclusion
+
+Each of these ACME clients has its own strengths and is suitable for different use cases. Obviously we think Certify Certificate Manager is an excellent choice for Windows users, offering a comprehensive feature set, commercial support and a user-friendly GUI. Posh-ACME is ideal for PowerShell enthusiasts who need a highly scriptable solution, win-acme is great for users who prefer the command line, while Certbot is a robust and widely known option (on Linux).
+
+Ultimately, the best ACME client for you will depend on your specific needs and environment. We encourage you to explore these options and choose the one that best fits your requirements.

blog/2025-01-17-acme-profiles.md

@@ -0,0 +1,49 @@
+---
+title: Draft support for ACME Profiles
+description: ACME profiles draft implementation 
+slug: acme-profiles-draft
+authors: webprofusion-chrisc
+tags: [acme, certificate management, security]
+image: https://certifytheweb.com/images/management/summary.png
+hide_table_of_contents: false
+---
+
+We have implement support for the ACME Profiles extension, a new feature designed to enhance the Automated Certificate Management Environment (ACME) protocol. This extension allows ACME Servers to offer a selection of different certificate profiles to ACME Clients, making it easier for clients to request the specific type of certificate they need.
+
+<!-- truncate -->
+
+ACME Profiles are a new proposed extension to the ACME standard allows CAs to offer certificates with different features depending on user preferences.
+
+https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/
+
+This feature will be available in the next major release of Certify Certificate Manager and Certify Management Hub.
+
+## What are ACME Profiles?
+
+ACME Profiles provide a way for Certificate Authorities (CAs) to advertise the different types of certificates they can issue. For example, a CA might offer a certificate with a shorter lifetime and different key usage constraints. By selecting a profile, clients can ensure they receive a certificate that meets their specific requirements.
+
+## Key Features
+
+### Improved Flexibility
+ACME Profiles make it easier for CAs to introduce new and improved certificate types. Clients can quickly adopt these new profiles without needing to change their existing workflows or configurations.
+
+### Enhanced Security
+By moving profile selection out of the CSR and into the ACME protocol, ACME Profiles reduce the risk of compliance incidents caused by incorrect or malicious CSR values. This helps ensure that certificates are issued according to the CA's policies and standards.
+
+## How It Works
+
+### Server Advertisements
+ACME Servers that support profiles will include a new `profiles` field in their Directory object. This field lists the available profiles and provides human-readable descriptions or URLs to documentation.
+
+### Client Requests
+When creating a new Order, clients can specify the desired profile in the `profile` field of the Order object. The server will then issue a certificate that matches the selected profile.
+
+In **Certify Certificate Manager** and **Certify Management Hub** this will be available as an option under under *Certificate > Advanced > Certificate Authority*.
+
+## Current Implementations
+Let's Encrypt's Boulder ACME Server software fully implements the ACME Profiles extension. Although profiles are not yet configured in Let's Encrypt's Production and Staging environments, the Pebble ACME Server testbed also supports this extension.
+
+## Conclusion
+The ACME Profiles extension is a significant step forward in providing flexibility and preferences in automated certificate management. By allowing clients to select predefined profiles, it reduces complexity, enhances security, and provides greater flexibility for both clients and CAs.
+
+We encourage you to explore the ACME Profiles feature when it becomes available and provide feedback to help us continue improving this important protocol.

blog/2025-02-08-management-hub.md

@@ -0,0 +1,47 @@
+---
+title: Introducing Certify Management Hub
+description: Introducing Certify Management Hub
+slug: introducing-management-hub
+authors: webprofusion-chrisc
+tags: [certify, news, management-hub]
+image: https://certifytheweb.com/images/management/summary.png
+hide_table_of_contents: false
+---
+
+We are excited to introduce our upcoming tool designed to simplify and streamline your certificate management process. **Certify Management Hub** is a centralized platform that allows you to manage all your SSL/TLS certificates from a single interface. Whether you are handling certificates for a small business or a large enterprise, the Management Hub provides the tools you need to ensure your certificates are always up-to-date.
+
+![Certify Management Hub](https://certifytheweb.com/images/management/summary.png)
+
+<!-- truncate -->
+
+## What is Certify Management Hub?
+
+Certify Management Hub provides a single view of all of your managed certificates across your organizations. You can optionally centrally renew certificates or delegate certificate renewals to individual Certify Certificate Manager (and compatible agents). Existing Certify Certificate Manager users can use the management hub to see and manage certificates across hundreds of servers.
+
+## Key Features
+
+### Centralized Management
+With the Certify Management Hub, you can view and manage all your certificates in one place. This eliminates the need to log into multiple systems and simplifies the management process.
+
+### Automated Renewals
+Never worry about expired certificates again. The Management Hub automates the renewal process, ensuring that your certificates are always valid and up-to-date.
+
+### Detailed Reporting
+Get detailed reports on the status of your certificates, including upcoming expirations and renewal logs. This helps you stay on top of your certificate management and avoid any potential issues.
+
+### Managed (DNS) Challenges
+Optionally centralize the configuration of DNS challenges and let compatible ACME clients use the management hub API to request DNS validation updates on their behalf. This removes the need to distribute sensitive DNS API credentials over many servers.
+
+## Simple Upgrade
+
+Getting started with the Certify Management Hub is easy if you are an existing Certify Certificate Manager users. Update your app version to the latest release that supports Certify Management Hub, then tell the app the URL of the Management Hub and joining key.
+
+## Join the Beta
+
+We are currently accepting beta testers for the Certify Management Hub. If you are interested in participating, please let us know via email at `support at certifytheweb.com`. Your feedback and feature requests will help us refine the product and ensure it meets your needs.
+
+## Conclusion
+
+The Certify Management Hub is designed to make certificate management simple, efficient, and secure. We are excited to bring this new tool to our users and look forward to your feedback. Stay tuned for more updates and features as we continue to develop and improve the Management Hub.
+
+Thank you for your continued support!

blog/2025-02-08-renewal-monitoring.md

@@ -0,0 +1,80 @@
+---
+title: Certificate Renewal Monitoring Options
+description: Tracking large numbers of certificates can get complicated. Learn about the various options available.
+slug: renewal-monitoring
+authors: webprofusion-chrisc
+tags: [certify, news, management-hub, dashboard]
+
+---
+
+Managing SSL/TLS certificates can be a daunting task, especially when dealing with a large number of certificates across multiple domains and servers. Ensuring that certificates are successfully renewed on time is crucial to maintaining the security and trustworthiness of your websites and services. 
+
+Recently Let's Encrypt in particular have announced they will no longer send expiry notification emails, leaving end-users wondering how best to keep track.
+
+In this article, we will explore various options for certificate renewal monitoring tools, including RedSift and Certify Dashboard, and how they compare.
+
+<!-- truncate -->
+
+## RedSift
+
+### Overview
+RedSift is a cybersecurity platform that offers a range of tools for managing and monitoring digital certificates. Their certificate monitoring solution helps organizations keep track of their SSL/TLS certificates and ensures timely renewals.
+
+### Key Features
+- **Automated Monitoring**: Continuously monitors your certificates and alerts you to upcoming expirations.
+- **Detailed Reporting**: Provides comprehensive reports on the status of your certificates, including expiration dates and renewal history.
+- **Integration**: Integrates with various platforms and services to provide a seamless monitoring experience.
+- **Security Alerts**: Notifies you of any security issues related to your certificates, such as weak encryption or misconfigurations.
+
+### Pros
+- Comprehensive monitoring and reporting features.
+- Integration with multiple platforms.
+- Security alerts for potential issues.
+
+### Cons
+- May require a learning curve to fully utilize all features.
+- Pricing may be a consideration for smaller organizations.
+- Only tracks certificate issuance, not ACME client renewal attempts.
+
+## Certify Dashboard
+
+### Overview
+Certify Dashboard is a hosted service designed to simplify and streamline the monitoring of SSL/TLS certificate renewals. It integrates seamlessly with Certify Certificate Manager and other ACME clients, providing a centralized platform for managing your certificates. 
+
+Certify Dashboard is unique in that it is not a Certificate Transparency Log monitor, it doesn't just track certificate issuance, its shows attempted renewals and potentially their associated failures.
+
+### Key Features
+- **Centralized Management**: View and manage all your certificates from a single interface.
+- **Automated Renewals**: Automatically tracks and reports on certificate renewals, ensuring they are always up-to-date.
+- **Detailed Reporting**: Get detailed reports on the status of your certificates, including upcoming expirations and renewal history.
+- **Integration with ACME Clients**: Works with popular ACME clients like Certbot and acme.sh, making it easy to incorporate into your existing workflow.
+- **Secure and Reliable**: Uses industry-standard encryption and security practices to protect your certificates and data.
+
+### Pros
+- User-friendly interface for managing certificates.
+- Seamless integration with Certify Certificate Manager and other ACME clients.
+- Automated tracking and reporting of certificate renewal attempts.
+
+### Cons
+- Limited to environments that support ACME clients.
+- Some advanced features may require a paid license.
+
+## Comparison
+
+### Ease of Use
+Certify Dashboard offers a user-friendly interface that simplifies the process of managing and monitoring certificates. RedSift, while comprehensive, may require a learning curve to fully utilize all its features.
+
+### Integration
+Both RedSift and Certify Dashboard offer integration with various platforms and services. However, Certify Dashboard's seamless integration with Certify Certificate Manager and other ACME clients makes it a more straightforward choice for users already utilizing these tools.
+
+### Reporting and Alerts
+Both tools provide detailed reporting and alerts for upcoming certificate expirations. RedSift also offers security alerts for potential issues, which can be a valuable feature for organizations concerned about certificate-related security risks.
+
+### Pricing
+Pricing can be a consideration for smaller organizations. Certify Dashboard will offer a free tier for managing up to 250 certificates, making it an attractive option for smaller setups. RedSift's pricing may be higher, but it offers a broader range of cybersecurity tools beyond certificate monitoring.
+
+## Conclusion
+
+Both RedSift and Certify Dashboard provide robust solutions for monitoring SSL/TLS certificate renewals. The choice between them will depend on your specific needs and existing infrastructure. Certify Dashboard is an excellent choice for users looking for a straightforward, integrated solution with Certify Certificate Manager and other ACME clients. RedSift, on the other hand, offers a more comprehensive cybersecurity platform with additional features and integrations.
+
+We encourage you to explore both options and choose the one that best fits your requirements. Ensuring timely certificate renewals is crucial for maintaining the security and trustworthiness of your websites and services.

blog/authors.yml

@@ -0,0 +1,8 @@
+webprofusion-chrisc:
+  name: Christopher Cook
+  title: Lead Developer of Certify The Web
+  url: https://github.com/webprofusion-chrisc
+  image_url: https://avatars.githubusercontent.com/u/2445502?v=4
+  socials:
+    x: webprofusion
+    github: webprofusion-chrisc

docusaurus.config.js

@@ -23,10 +23,12 @@ module.exports = {
         src: 'img/logo.svg',
       },
       items: [
+
         { to: 'docs/intro', label: 'Certify Certificate Manager', position: 'left' },
         { to: 'docs/dashboard/', label: 'Certify Dashboard', position: 'left' },
         { to: 'docs/dns/providers/certifydns/', label: 'Certify DNS', position: 'left' },
         { to: 'docs/support', label: 'Support', position: 'left' },
+        { to: 'blog', label: 'Blog', position: 'right' },
         {
           href: 'https://community.certifytheweb.com',
           label: 'Community',

src/css/custom.css

@@ -6,15 +6,21 @@
 
 /* You can override the default Infima variables here. */
 :root {
-  --ifm-color-primary: #25c2a0;
-  --ifm-color-primary-dark: rgb(33, 175, 144);
+  
+  --ifm-color-primary: #002809;
+  --ifm-color-primary-dark: rgb(33, 175, 85);
   --ifm-color-primary-darker: rgb(31, 165, 136);
-  --ifm-color-primary-darkest: rgb(26, 136, 112);
+  --ifm-color-primary-darkest: rgb(26, 136, 63);
   --ifm-color-primary-light: rgb(70, 203, 174);
   --ifm-color-primary-lighter: rgb(102, 212, 189);
   --ifm-color-primary-lightest: rgb(146, 224, 208);
   --ifm-code-font-size: 95%;
 }
+h2.title_f1Hy{
+  font-size: 2rem;
+  font-weight: 400;
+  margin-bottom: 1rem;
+}
 
 .docusaurus-highlight-code-line {
   background-color: rgb(72, 77, 91);
@@ -53,4 +59,4 @@
 
  .markdown .clear-float {
   clear:both;
- }
+ }