Certificate readiness check
Tick the items you recognise. The score at the bottom tells you how urgent centralised ACME governance is for your team.
No SSL at all - just plain HTTP for internal tools, dashboards, and APIs. Everything travels in clear text but "it is fine because it is internal"
Browser warnings, certificate errors, and "click through this security warning" has become normal for your team
Getting all your devices, containers, and services to trust your CA is hard work
What if api.company.com and admin.company.com had proper certificates without all the work?
That 3 AM wake-up call because someone forgot to renew and your API is down
New CA/Browser Forum rules: 200 days (March 2026), 100 days (March 2027), 47 days (2029). Manual renewal won't work - you need automation now.
Teams are spinning up services and you discover them during security audits or when they break
Different teams using Let's Encrypt, ZeroSSL, cloud CAs - each with different renewal approaches
You're building spreadsheets from multiple sources for SOC 2, ISO 27001, or PCI compliance
Why pay $50-200 per certificate when Let's Encrypt is free and just as trusted?
One *.company.com certificate for everything - easier to manage but harder to track what's actually using it, when it needs renewal, and you're making it very simple for any attacker too ๐
Copilot, Cursor, and other AI tools help developers build and deploy fast, but skip the security planning for exposing services
DevOps, Security, and Platform teams all use different tools and processes