Edge SSL & routing control plane

Every domain, secured automatically.

UnifySSL is the control plane for your edge: automatic certificates for unlimited domains, point-and-click routing and security, and validated deploys to your whole fleet. All built on Caddy.

On-demand certs · wildcards · Let's Encrypt + ZeroSSL · multi-region

unifyssl.com / domains
api.acme.com · auto-TLS · secured
*.customers.acme.dev · wildcard · secured
status.acme.io · 74d · secured
shop.partner.co · verifying · issuing
checkout.acme.com · auto-TLS · secured
Automatic TLS · Unlimited domains · Wildcards & on-demand · Validated deploys · Multi-tenant · Built on Caddy

Certificates

TLS, handled — for every hostname.

Apex, wildcard, or a customer's BYO domain: each one gets a valid certificate automatically. On-demand issuance, Let's Encrypt and ZeroSSL, renewals you never think about, and a shared cert store across your fleet.

  • On-demand issuance for custom domains
  • One wildcard cert covers every subdomain
  • Renewals + expiry alerts, automatic
cert · api.acme.com
status active
issuer Let's Encrypt
renews in 74 days
sans api.acme.com

Routing & security

Compose rules. Ship validated config.

Reverse-proxy, redirect, block an IP or user-agent, rate-limit abusive clients — build it point-and-click and UnifySSL compiles it to native Caddy config. Every change is validated before it ever reaches a node.

  • Proxy, redirect, block, allow-list, rate-limit
  • Compiles to Caddy JSON — no hand-edited Caddyfiles
  • Caddy validates each config before it loads
api · routing
proxy /api/* → 10.0.0.4:8080
redirect /old → /new
block 203.0.113.0/24
rate-limit 50 / s per IP

Fleet & rollout

One control plane for your whole edge.

Push validated config to every node, see exactly which is in sync, and roll back to any earlier revision in a click. Caddy's atomic loads mean a bad config is rejected, never applied — your running edge stays up.

  • Deploy to one node or the whole fleet
  • Config-drift visibility + one-click rollback
  • Append-only revision history
rollout
gw-eu-1 · fsn1 · r5
gw-us-1 · ash · r5
gw-sg-1 · sin · r5
all nodes in sync

Multi-tenant

Give every customer their own scoped view.

Organizations, teams, and roles are built in. Each tenant manages just their domains, routing, and traffic — with their own admins and invites — without ever seeing the rest of your edge.

  • Org → team → app access control
  • Self-serve signup or invite-only onboarding
  • Scoped traffic, logs, and certificates
tenants
Acme Inc · CourierPortal · 12 domains
ThinkAppy · 2 apps · 4 domains
Partner Co · shop.partner.co · 1 domain

Live in three steps.

01

Add a domain

Point a hostname at UnifySSL, or verify a customer's custom domain with a single DNS record.

02

Get a certificate

TLS is issued and renewed automatically — apex, wildcard, or on-demand for BYO hostnames.

03

Route & deploy

Compose proxy, redirect, and security rules, then push the validated config to your edge.

No more hand-edited Caddyfiles.

UnifySSL replaces the sprawl of per-server configs and cert scripts with one source of truth. Postgres holds the desired state; every node pulls and applies exactly the config it should be running — and nothing else.

# before — one of these per server, by hand
status.acme.io {
  reverse_proxy localhost:8080
  tls certs@acme.io
}

# after — one control plane, validated + deployed
$ unifyssl deploy --all
  ✓ validated config (r5)
  ✓ gw-eu-1  applied
  ✓ gw-us-1  applied
  ✓ all nodes in sync

Start unifying your SSL.

Free to start. Add your first domain in minutes.