Is Certeasy a certificate authority (CA)?

No. Certeasy is not a CA and does not issue public certificates. It acts as an internal ACME server in front of your existing Microsoft ADCS CA. All issuance remains on-prem.

Do I need to expose Certeasy on the Internet?

Never. Certeasy is designed to run fully on-premise. Your ACME clients point to an internal URL such as:
https://acme.your-domain.local/directory.

How is Certeasy installed?

You install Certeasy on an internal server, connect it to your ADCS CA, and configure your servers to use the internal ACME URL.

Does Certeasy require Internet access?

No. Certeasy operates fully offline. It never contacts certeasy.tech.
An auto-update feature is under development and will be opt-in — it can be disabled for air-gapped or restricted environments.

Is Certeasy production-ready?

Certeasy is currently in public beta. Core issuance has been tested with certbot and HTTP-01. Formal validation with acme.sh, Caddy, DNS-01 and TLS-ALPN-01 is in progress. Revocation and account update are implemented but rarely exercised in practice, so proceed with caution.
Plan limits (managed server quota, CA count) are not yet enforced: all active licenses have full access. Enforcement will be introduced before the V1 stable release.

Can I use certbot with Certeasy?

Yes. Certeasy supports any standard ACME client including Certbot, acme.sh, Caddy, Posh-ACME, and others.

Which ACME challenges are supported?

Certeasy supports HTTP-01, DNS-01 and TLS-ALPN-01 from V1 — on all plans. Distributed validators for segmented networks are planned for V3.

If Certeasy goes down, are my certificates at risk?

No. Certificates already issued keep working regardless. ACME clients start renewal 30 days before expiry, giving ample time to restore the service before any certificate actually expires.

What's the difference between the Free, Starter, Pro and Enterprise plans?

• Free: 1 production installation, ~25 managed servers, 1 ADCS production authority. Renewed annually at €0, price locked.
• Starter: €299/year, 1 production installation, ~250 managed servers, 2 ADCS production authorities.
• Pro: €499/year, 1 production installation (Active/Passive included), unlimited managed servers, 3 ADCS production authorities, PostgreSQL.
• Enterprise: €999/year/CA, everything in Pro + up to 5 ADCS production authorities, split deployment, Active/Active HA (V2), distributed validators (V3).

What does "1 production installation" mean?

One license covers one production Certeasy deployment. Dev and staging instances may run under the same license at no additional cost. They do not count as production installations.

Can I run multiple Certeasy instances?

Yes. One license covers one production installation — dev and staging are included. For Active/Passive high availability, Pro includes a passive standby at no extra cost. Active/Active multi-node deployments require an Enterprise license (available in V2).

How does high availability work?

Active/Passive (Pro+): run two Certeasy instances against the same PostgreSQL database with a load balancer or keepalived in front. No additional feature required — this is a standard deployment pattern.
Active/Active (Enterprise, V2): multiple active nodes with distributed job coordination. Requires PostgreSQL.

Do plan limits apply right now?

Not yet. The managed server quota (distinct ACME accounts with at least one active certificate) and CA count limits are not enforced during the beta — all active licenses have full access regardless of plan. Enforcement will be introduced before the V1 stable release.

What happens after the 6-month evaluation?

Nothing automatic. 15 days before expiry, we'll ask whether you want to continue. If you choose to subscribe, you pay for a year and your existing license keeps working. No re-activation, no disruption. If you stop, the license simply expires.

What does "price stability over time" mean?

Once you become a customer, your price stays the same. Any future pricing changes will apply only to new customers.

What database should I use?

SQLite (Free, Starter): zero setup, single file, sufficient for most deployments up to ~250 managed servers.
PostgreSQL (Pro+): recommended for larger infrastructures, Active/Passive HA, and teams that already operate a PostgreSQL stack.

Are the certificates secure?

Yes. Certeasy uses your existing ADCS templates and policies. Certificates are identical to those issued through Microsoft consoles, just automatically.

Can we audit the source code before buying?

Yes. Source code access is available under NDA for security evaluation purposes — whether you are a prospect or an existing customer. Contact us at contact@certeasy.tech to request access.

What features are planned next?

V2: split deployment (ADCS connector on Tier 0), SQL Server support, Active/Active high availability.
V3: distributed validation agents for segmented networks.
V4: admin dashboard, certificate expiry tracking, network discovery.

How does support work?

• Free: community support (not guaranteed).
• Starter: email support (best effort).
• Pro: priority email support.
• Enterprise: priority support and onboarding sessions on request.
There is no phone support.

Can I upgrade from Starter to Pro or Enterprise?

Yes, at any time. Upgrading requires no reinstallation.