Best-fit use cases
Runbooks, dashboards, reviews, and handoff material make the work auditable.
| Use case | Why managed certificates fit |
|---|---|
| Expiry incidents keep recurring | Inventory, renewal alerts, automation, and runbooks reduce surprise outages |
| Kubernetes TLS needs ownership | cert-manager issuers, ingress certificates, and secret rotation need a clear platform owner |
| Internal services need encryption | Internal PKI or Vault PKI can provide service identities without relying on manual self-signed certificates |
| DNS validation is fragile | ACME DNS-01 flows require reliable provider access and change control |
| Legacy apps need certificate formats | Java keystores, PKCS#12, PEM bundles, and custom rollout workflows need operational handling |