Skip to main content
This guide gets a single-node CertForge instance running with file-based storage. No database required.

Before you begin

  • A Linux host (Ubuntu 22.04+ or Debian 12+ recommended)
  • A license.jwt file — request a trial if you don’t have one
  • Ports 8080 (dashboard) and 8443 (ACME API) available

Step 1 — Download the binary

For ARM64 (AWS Graviton, Raspberry Pi 4+):

Step 2 — Create the data directory


Step 3 — Place your license file


Step 4 — Create a minimal config


Step 5 — Start the server

You should see:

Step 6 — Open the dashboard

Open your browser to http://localhost:8080. On first run you will be prompted to create the initial superuser account. This account has full administrative access — use a strong password and store it in a password manager.

Step 7 — Create your first Domain Trust Profile

  1. In the dashboard, go to Admin → Domain Trust Profiles
  2. Click New
  3. Set the domain(s) you want to issue certificates for (e.g. *.internal.example.com)
  4. Choose your CA: Internal CA for private domains, or configure an ACME provider for public domains
  5. Set approval policy: Auto-approve for development, Require approval for production

Step 8 — Issue your first certificate

Point any ACME client at your CertForge instance:
Or use acme.sh:

Next steps

Run as a service

Set up a systemd unit so CertForge starts automatically and restarts on failure.

Full configuration

Configure TLS, SMTP, DNS validation, alerts, and more.

Set up ACME

Connect to Let’s Encrypt, ZeroSSL, or your own ACME CA.

Internal CA

Issue certificates for internal domains without an external CA.