> ## Documentation Index
> Fetch the complete documentation index at: https://docs.certgovernance.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Quick Start

> Get CertForge Self-Hosted running in under 10 minutes.

This guide gets a single-node CertForge instance running with file-based storage. No database required.

## Before you begin

* A Linux host (Ubuntu 22.04+ or Debian 12+ recommended)
* A `license.jwt` file — [request a trial](https://certforge.xyz/download) if you don't have one
* Ports 8080 (dashboard) and 8443 (ACME API) available

***

## Step 1 — Download the binary

```bash theme={null}
# Download the latest release
curl -Lo certforge https://github.com/certforge/self-hosted/releases/latest/download/certforge-linux-amd64
chmod +x certforge

# Verify the binary runs
./certforge --version
```

For ARM64 (AWS Graviton, Raspberry Pi 4+):

```bash theme={null}
curl -Lo certforge https://github.com/certforge/self-hosted/releases/latest/download/certforge-linux-arm64
```

***

## Step 2 — Create the data directory

```bash theme={null}
mkdir -p data
```

***

## Step 3 — Place your license file

```bash theme={null}
cp /path/to/license.jwt data/license.jwt
```

***

## Step 4 — Create a minimal config

```bash theme={null}
cat > config.yaml << 'EOF'
mode: self-hosted

server:
  listen_address: 0.0.0.0
  dashboard_port: 8080   # Dashboard UI
  port: 8443             # mTLS ACME API
  dashboard_enabled: true

storage:
  base_path: ./data
EOF
```

***

## Step 5 — Start the server

```bash theme={null}
./certforge --config config.yaml
```

You should see:

```
[certforge] License loaded: trial (30 days remaining)
[dashboard] Dashboard → http://localhost:8080
[proxy] Listening on :8443
```

***

## Step 6 — Open the dashboard

Open your browser to [http://localhost:8080](http://localhost:8080).

On first run you will be prompted to create the initial superuser account. This account has full administrative access — use a strong password and store it in a password manager.

***

## Step 7 — Create your first Domain Trust Profile

1. In the dashboard, go to **Admin → Domain Trust Profiles**
2. Click **New**
3. Set the domain(s) you want to issue certificates for (e.g. `*.internal.example.com`)
4. Choose your CA: **Internal CA** for private domains, or configure an ACME provider for public domains
5. Set approval policy: **Auto-approve** for development, **Require approval** for production

***

## Step 8 — Issue your first certificate

Point any ACME client at your CertForge instance:

```bash theme={null}
# certbot example
certbot certonly \
  --server http://localhost:8443/acme/directory \
  --standalone \
  -d your.domain.internal
```

Or use acme.sh:

```bash theme={null}
acme.sh --issue \
  --server http://localhost:8443/acme/directory \
  -d your.domain.internal \
  --standalone
```

***

## Next steps

<CardGroup cols={2}>
  <Card title="Run as a service" icon="gear" href="/self-hosted/systemd">
    Set up a systemd unit so CertForge starts automatically and restarts on failure.
  </Card>

  <Card title="Full configuration" icon="file" href="/self-hosted/configuration">
    Configure TLS, SMTP, DNS validation, alerts, and more.
  </Card>

  <Card title="Set up ACME" icon="certificate" href="/guides/acme-setup">
    Connect to Let's Encrypt, ZeroSSL, or your own ACME CA.
  </Card>

  <Card title="Internal CA" icon="lock" href="/guides/internal-ca">
    Issue certificates for internal domains without an external CA.
  </Card>
</CardGroup>
