Free
Free for up to 5 endpoints and 10 certificate plans, with free DV certificates from Let's Encrypt and Google Trust.
Need Pro or Enterprise? Join the early access list and get 20% off year one.
Early accessJoin the list
Add yourself to the list and we'll email you the install instructions as soon as Community is ready.
Receive your docker-compose.yml
We send a personalized docker-compose.yml with a one-time installation token. The file is bound to your signup.
Run on your Docker host
Place the file on your Docker host and start the service with your usual Docker compose tooling. First boot activates the license and pulls the signed components using the token.
We'll email you the moment Community is ready to install.
Outbound only
The service connects outbound to fixed sslbrain endpoints, so no inbound ports from the internet are required.
All data local
Credentials, certificates, and private keys never leave your network.
Easy to remove
Stop the container and remove the volume, and there are no leftovers. The account can be re-used later.
System requirements
Minimum
- Docker Engine 24+ or Docker Desktop
- 2 GB RAM
- 2 GB disk space
- x86_64 or ARM64 architecture
Recommended
- 4 GB RAM for 25+ servers
- SSD storage for better performance
- Dedicated host or VM
Network requirements
| Direction | Destination | Port | Purpose |
|---|---|---|---|
| Outbound | cloud.sslbrain.com | 443 | License validation, updates, vault |
| Outbound | acme.sslbrain.com | 443 | Certificate issuance |
| Outbound (local) | Your servers | Whatever ports your servers use for management (e.g. 22, 5985, 443) | sslbrain installs certificates on your servers |
| Inbound (local only) | Browser and local servers/agents | 443 | Admin UI for you, and the API your own servers and agents call |
cloud.sslbrain.com and acme.sslbrain.com share fixed IP addresses for firewall whitelisting. Inbound 443 is only for access from your own network, never from the internet.