managemycert
Log in Get started — Free
Documentation

How ManageMyCert works.

Everything you need to know to monitor, renew, and deploy SSL/TLS certificates.

Create an account

Sign up with your email and a password, or click Continue with Google. We use Firebase Authentication so your password is never stored on our servers.

Adding your first domain

From the portal, click + Add domain and enter a hostname. We'll do an immediate SSL inspection — no installation, no SDK, no config files.

Verifying ownership

Before we activate monitoring on a domain, you have to prove you control it. Choose one method:

Method 1 — DNS TXT record

Add a TXT record on the domain you're adding:

_managemycert-verify.example.com.  IN TXT  "mmc-<your-token>"

Method 2 — A record on a verify subdomain

Point a unique subdomain at our verifier IP:

<your-token>.verify.managemycert.com.  IN A  198.51.100.42

After saving the record, hit I've added it in the portal — we'll do a live DNS lookup and unlock monitoring.

Notification gateways

ManageMyCert never uses a shared SMTP/Twilio/Slack account on your behalf — you bring your own gateway. Configure them once under Settings → Notification gateways:

  • Email (SMTP): host, port, username, password, from-address.
  • SMS (Twilio-compatible): account SID, auth token, from number.
  • Slack: incoming webhook URL.

All credentials are encrypted at rest with AES-256-GCM using a per-deployment key.

Alert templates

Reusable messages with variables: {{domain}}, {{days_left}}, {{issuer}}, {{expires}}, {{host}}.

Alert rules

Match a (domain or all-domains) → channel → days-before-expiry → recipients. Multiple rules can fire for one domain.

Auto-renew with Let's Encrypt

Toggle Auto-renew on a Let's Encrypt domain. We run ACME 30 days before expiry and deploy the new cert.

SSH deployment

Provide an SSH host, username, private key, certificate path, and reload command. The portal pushes cert.pem, key.pem, chain.pem, fullchain.pem over SFTP and runs your reload command.

Manual upload

Don't want auto-deploy? Toggle it off and we'll just notify you 30/14/7 days before expiry — you handle the rest.

FAQ

Is it really free?
Yes. No tier, no upsell, no credit card. We accept donations to keep the lights on.

Do you store my private keys?
Only if you explicitly enable auto-deploy. They're AES-256-GCM encrypted with a key that's distinct from your account password.

What if I just want monitoring?
Skip the SSH config. Add a domain, verify ownership, set alerts — done.