# Install sslmate with Homebrew, Nix

Buy SSL certs from the command-line. Version 1.10.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:sslmate
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install sslmate
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#sslmate
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ss/sslmate/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:sslmate
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/sslmate>
- **Version:** 1.10.0
- **Source summary:** Buy SSL certs from the command-line
- **Homepage:** <https://sslmate.com>
- **Upstream docs:** <https://sslmate.com/help>
- **License:** MIT
- **Source archive:** <https://packages.sslmate.com/other/sslmate-1.10.0.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- sslmate (cli)
- sslmate (alias)

## Uses from macOS

- perl

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sequoia, sonoma, tahoe, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.10.0
- Local data: ok
- Upstream repository: https://sslmate.com
- info: No package-manager update timestamp was available.
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

SSLMate is a certificate-management service with a command-line client for buying, renewing, revoking, downloading, and configuring SSL/TLS certificates. Its package-manager identity is the rare commercial PKI workflow that intentionally feels like a Unix command.

### Project history

The SSLMate 1 CLI reference describes sslmate as the command-line client for SSLMate, a service for purchasing and managing SSL certificates. The tool automates certificate busy work such as generating a private key, generating a CSR, building a certificate bundle, renewing certificates, and downloading renewed certificates from scripts or cron.

The current SSLMate help system presents the older Basic SSLMate service, the SSLMate command-line interface, APIv2, and newer SaaS-oriented surfaces such as sslmate-agent and APIv3. The changelog shows ongoing service evolution around certificate approval, API keys, DNS integrations, Cert Spotter, and Certificate Transparency search.

### Adoption history

SSLMate's own homepage markets the service around automation and shows the terminal command sslmate buy www.example.com as a first-class product interaction. It also lists customer logos and testimonials, including users praising command-line certificate purchase.

The supplied package metadata shows Homebrew and Nix packaging. That limited but meaningful package footprint matches the tool's audience: administrators and developers who want certificate issuance and renewal to be scriptable from Unix-like systems.

### How it is used

The CLI is organized into subcommands such as buy, renew, reissue, rekey, revoke, download, list, show, edit, test, mkconfig, retry-approval, and link. The link command writes API credentials to the personal SSLMate configuration file so later commands can run without prompting.

On startup the CLI reads /etc/sslmate.conf and ~/.sslmate when present, with the personal file overriding global options. The SSLMATE_CONFIG environment variable can point to a different personal configuration file, and profiles can produce alternate global configuration and certificate directories.

### Why package nerds care

SSLMate matters to package nerds because it packages certificate issuance as an installable CLI, not just a web dashboard. That made it fit naturally into cron, configuration management, and server provisioning long before every certificate workflow was expected to be ACME-native.

It also shows why credential-file documentation matters in package databases: the same file can be both a user config and an API-key store, so package metadata should distinguish ordinary config from secret-bearing state.

### Timeline

- 2014: SSLMate changelog feed identifies the service changelog namespace from 2014.
- 2021: SSLMate changelog records per-domain authorized CA configuration for Cert Spotter.
- 2022: SSLMate changelog records flexible API key permissions and prefixed API keys.
- 2023: SSLMate changelog records expanded Cert Spotter APIs, webhooks, DNS integrations, Slack notifications, and CT Search API improvements.
- 2024: SSLMate changelog records additional DNS integrations and changes driven by CA/Browser Forum certificate-approval policy.
- 2026: SSLMate changelog records simpler DNS approval record names.

### Related projects

- Related SSLMate surfaces include Cert Spotter, the Certificate Transparency Search API, sslmate-agent, APIv2, APIv3, and DNS provider integrations.
- The tool lives in the same operational space as ACME clients and certificate deployment automation, but SSLMate's official documentation frames it as a managed certificate purchasing and monitoring service with a CLI.

### Sources

- <https://sslmate.com/>
- <https://sslmate.com/help>
- <https://sslmate.com/help/changelog>
- <https://sslmate.com/help/reference/cli1>
- input source_facts.package-manager


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /etc/sslmate.conf, ~/.sslmate

## Credential files

- Unix: ~/.sslmate
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** sslmate
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - sslmate: normalized package name match | nixpkgs package indexes: pkgs/by-name/ss/sslmate/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [dnsrobocert](https://www.automicvault.com/pkg/brew/dnsrobocert/) - Shares av.db curated category or tags: certificate-management, cli, security.
- [fetch-crl](https://www.automicvault.com/pkg/brew/fetch-crl/) - Shares av.db curated category or tags: certificate-management, cli, pki, security.
- [step](https://www.automicvault.com/pkg/brew/step/) - Shares av.db curated category or tags: certificate-management, cli, pki, security.
- [certstrap](https://www.automicvault.com/pkg/brew/certstrap/) - Shares av.db curated category or tags: cli, pki, security.
- [cfssl](https://www.automicvault.com/pkg/brew/cfssl/) - Shares av.db curated category or tags: cli, pki, security.
- [easy-rsa](https://www.automicvault.com/pkg/brew/easy-rsa/) - Shares av.db curated category or tags: cli, pki, security.
- [gsan](https://www.automicvault.com/pkg/brew/gsan/) - Shares av.db curated category or tags: cli, security, ssl-certificates.
- [minica](https://www.automicvault.com/pkg/brew/minica/) - Shares av.db curated category or tags: cli, pki, security.

## Combined YAML source

View the package source record on GitHub. [combined/sslmate.yml](https://github.com/automic-vault/db/blob/main/combined/sslmate.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
