I'm working on https://www.certkit.io. It started as a solution to handle TLS certificate automation for my other SaaS products, but we realized other people who run on-prem workloads might get something out of it.

It uses Let's Encrypt by default. We use delegated DNS to handle ACME challenge validation (we run the DNS, you just CNAME to us). This means you don't need to give us DNS credentials or anything. And for HA workloads it's great, because there's a central clearinghouse for certificates - so all the machines in your web farm (or whatever) get the same cert, but you don't run in to rate limits with LE.

We're recovering Windows Server guys so we made sure our automation works for painful windows workloads like IIS, Exchange etc. too.

We've had enough interest that we're building it out for real. Just left beta last month.