Automic VaultAutomic Vault

brew

Install sslmate with Homebrew, Nix

Buy SSL certs from the command-line. Version 1.10.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install sslmate

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#sslmate

nixpkgs package indexes · pkgs/by-name/ss/sslmate/package.nix · source: api.github.com

overview

Package summary

Buy SSL certs from the command-line

Commands and aliases

  • sslmate

history

Project history and usage

SSLMate is a certificate-management service with a command-line client for buying, renewing, revoking, downloading, and configuring SSL/TLS certificates. Its package-manager identity is the rare commercial PKI workflow that intentionally feels like a Unix command.

Project history

The SSLMate 1 CLI reference describes sslmate as the command-line client for SSLMate, a service for purchasing and managing SSL certificates. The tool automates certificate busy work such as generating a private key, generating a CSR, building a certificate bundle, renewing certificates, and downloading renewed certificates from scripts or cron.

The current SSLMate help system presents the older Basic SSLMate service, the SSLMate command-line interface, APIv2, and newer SaaS-oriented surfaces such as sslmate-agent and APIv3. The changelog shows ongoing service evolution around certificate approval, API keys, DNS integrations, Cert Spotter, and Certificate Transparency search.

Adoption history

SSLMate's own homepage markets the service around automation and shows the terminal command sslmate buy www.example.com as a first-class product interaction. It also lists customer logos and testimonials, including users praising command-line certificate purchase.

The supplied package metadata shows Homebrew and Nix packaging. That limited but meaningful package footprint matches the tool's audience: administrators and developers who want certificate issuance and renewal to be scriptable from Unix-like systems.

How it is used

The CLI is organized into subcommands such as buy, renew, reissue, rekey, revoke, download, list, show, edit, test, mkconfig, retry-approval, and link. The link command writes API credentials to the personal SSLMate configuration file so later commands can run without prompting.

On startup the CLI reads /etc/sslmate.conf and ~/.sslmate when present, with the personal file overriding global options. The SSLMATE_CONFIG environment variable can point to a different personal configuration file, and profiles can produce alternate global configuration and certificate directories.

Why package nerds care

SSLMate matters to package nerds because it packages certificate issuance as an installable CLI, not just a web dashboard. That made it fit naturally into cron, configuration management, and server provisioning long before every certificate workflow was expected to be ACME-native.

It also shows why credential-file documentation matters in package databases: the same file can be both a user config and an API-key store, so package metadata should distinguish ordinary config from secret-bearing state.

Timeline

  • 2014: SSLMate changelog feed identifies the service changelog namespace from 2014.
  • 2021: SSLMate changelog records per-domain authorized CA configuration for Cert Spotter.
  • 2022: SSLMate changelog records flexible API key permissions and prefixed API keys.
  • 2023: SSLMate changelog records expanded Cert Spotter APIs, webhooks, DNS integrations, Slack notifications, and CT Search API improvements.
  • 2024: SSLMate changelog records additional DNS integrations and changes driven by CA/Browser Forum certificate-approval policy.
  • 2026: SSLMate changelog records simpler DNS approval record names.

Related projects

  • Related SSLMate surfaces include Cert Spotter, the Certificate Transparency Search API, sslmate-agent, APIv2, APIv3, and DNS provider integrations.
  • The tool lives in the same operational space as ACME clients and certificate deployment automation, but SSLMate's official documentation frames it as a managed certificate purchasing and monitoring service with a CLI.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 8 platform targets.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/etc/sslmate.conf~/.sslmate

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.sslmate

executables

Installed executables

CommandKindExposureNote
sslmatecliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.10.0
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://sslmate.com

  • infoNo package-manager update timestamp was available.low confidence
  • infoRelease/tag comparison is only available for GitHub repositories.https://sslmate.comnone confidence

install metadata

Package metadata

Package keybrew:sslmate
Version1.10.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/sslmate
Homepagehttps://sslmate.com
Upstream docshttps://sslmate.com/help
LicenseMIT
Source archivehttps://packages.sslmate.com/other/sslmate-1.10.0.tar.gz
Uses from macOSperl
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sequoia, sonoma, tahoe, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namesslmate
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

sslmate

nix profile install nixpkgs#sslmate
  • normalized package name match
  • Matched by: Sslmate
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ss/sslmate/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment