sslbrain Manual

Everything you need to install, configure, and manage sslbrain.

Quick Start: sslbrain

Prerequisite: Docker must be installed and running on the host that will run sslbrain.

  1. Join the list via early access. We'll email you the install instructions the moment Community is ready to install.
  2. You'll receive a personalized docker-compose.yml with a one-time installation token.
  3. Place the file on the Docker host and start the service with your usual Docker compose tooling.
  4. Open https://127.0.0.1:443 in your browser (or https://server-ip:443; the port mapping can be changed in the personalized compose file).
  5. The setup wizard starts automatically:
    1. Confirm your admin user via the OAuth binding from your account
    2. Choose license (free Community or paid)
    3. Configure alert email and IP whitelist
    4. Save your backup key in a safe place

    → See Installation for token-flow details, and Setup for the setup wizard.

  6. Set up Auto-DNS for your domains:

    Create one CNAME record per domain: _acme-challenge.example.com CNAME example.com.acme.sslbrain.cloud.

    This makes certificate issuance and renewal fully automatic. No open ports needed on your servers.

    → See Auto-DNS for setup with your DNS provider.

  7. Add a server (hostname, SSH/WinRM/Agent)
  8. Issue your first certificate

→ See Installation for system requirements, networking and advanced configuration.

Quick Start: Windows Service Agent

  1. In sslbrain: go to Downloads, get Windows Agent (.msi)
  2. Run MSI on the Windows server (next, next, finish)
  3. The agent automatically finds your sslbrain instance and connects

The server appears in sslbrain within 1 minute.

For automated deployment to many servers:

  • Silent install: msiexec /i sslbrain-agent.msi SERVER=https://your-sslbrain:443 /quiet
  • GPO / SCCM / Intune: Distribute the MSI package via your preferred deployment tool

→ See Windows Agent for registry settings, GPO deployment and troubleshooting.

Quick Start: First Certificate

  1. Make sure Auto-DNS is set up for the domain (see above)
  2. Go to Certificates and click New certificate
  3. Choose domain, CA (Let's Encrypt is the default) and server
  4. sslbrain issues the certificate and configures automatic renewal

→ See Certificates for wildcard, SAN, commercial certificates and validation methods.