Skip to main content
SMTP enables CertForge to send password resets, alert notifications, approval emails, and scheduled reports. Configure it in Admin → Settings → Notifications.

SMTP configuration

After saving, click Send Test Email to confirm.

SendGrid

Port 587, username apikey, password = API key. Generous free tier.

AWS SES

Port 587. Use SMTP credentials from IAM. Very low cost at volume.

Postmark

Port 587. Excellent deliverability for transactional email.

Office 365

Port 587, STARTTLS. Requires app password if MFA is enabled on the account.

What gets sent

Alert subscriptions (personal)

Users can opt in to receive personal emails when specific alert rules fire:
  1. Go to Profile → Alert Subscriptions
  2. Check the alert rules to follow
  3. Save
Requires an email address on the account and SMTP configured.

Report subscriptions (scheduled)

Users can receive scheduled email reports:
  1. Go to Profile → Report Subscriptions
  2. Enable reports and choose daily or weekly delivery
  3. Save
Available reports: Certificate Inventory, Expiring Certificates (next 30 days), Approval Activity (last 30 days). The first delivery happens within an hour of enabling. Subsequent deliveries follow the selected schedule.

Email template customization

Default templates can be customized in Admin → Settings → Email Templates. Templates use Go’s text/template syntax. Three templates are available: License & Welcome (license), Email Verification (verify), and Password Reset (reset). Each template card has two helper buttons:
  • Load Default — fetches the built-in template text into the editor so you can use it as a starting point for customization. This does not save until you click Save.
  • Preview — renders the template with sample data and shows the result in a modal. Use this to verify layout and variable substitution before saving.
Available variables by template: License & Welcome
Email Verification
Password Reset
Leave a template blank to use the built-in default.

Troubleshooting

Test email not received — Check spam folder. Verify the From address is authorized to send from your SMTP server (SPF/DKIM). Authentication failed — Verify username and password. For Gmail/Office 365, use an app-specific password rather than your account password. Connection refused — Check host and port. For port 587, TLS should be off (STARTTLS is negotiated after connection). For port 465, TLS should be on. Emails going to spam — Configure SPF, DKIM, and DMARC records for your From domain. Use a dedicated transactional email service rather than a personal mail server.