DigiCert introduced the ACME client DC-ACME for automation.

2 Jan 2026 | Jindřich Zechmeister

The new DC-ACME ACME client from DigiCert enables automatic certificate renewal without third-party tools. You therefore do not need to rely on Certbot or other programs. You can easily obtain the ACME EAB credentials in your SSLmarket account and start using it immediately.

New ACME client directly from CA DigiCert

The automation of TLS certificate management has become a standard part of running server infrastructure in recent years. The ACME protocol (Automatic Certificate Management Environment) enables automated issuance, installation, and renewal of certificates without the need for manual interventions. However, with commercial certification authorities, this automation has long relied mainly on the use of third-party ACME clients.

DigiCert is now significantly expanding this model. It has introduced its own official ACME client branded as DC-ACME, which makes it possible to use DigiCert's ACME services without the need to deploy external tools. Installation scripts and documentation are available on the official page DigiCert Automation Service.

ACME at DigiCert: a simpler operational model

Until now, DigiCert recommended using standard ACME clients compatible with the ACMEv2 protocol. This approach continues to be supported and remains fully functional. In practice, however, it meant having to choose the right client, install it, maintain it, and integrate it into the operating environment.

DC-ACME provides an alternative that consolidates these steps. It is an official ACME client directly from DigiCert, designed to be fully compatible with its ACME service while providing predictable behavior across platforms. Installation scripts are available for Linux and Windows, including support for running as a system service.

Details on the architecture and principles of ACME automation at DigiCert are described in the official documentation: DigiCert – ACME Automation Service.

External Account Binding (EAB) as part of security

An integral part of ACME integration at DigiCert is the use of the External Account Binding (EAB) mechanism. It serves to securely link the ACME account with specific customer entitlements and product settings. When registering an ACME account, a pair of information – Key ID (KID) and HMAC key – is used.

For SSLmarket customers, obtaining EAB credentials is very simple. ACME EAB credentials are available directly in the SSLmarket customer account, where they can be generated and then used when configuring the DC-ACME client.

Domain validation and DNS-01 support

The automation of certificate issuance is based on domain ownership validation using validation methods defined by the ACME protocol. Given that it will only be possible to use automated verification methods for obtaining a certificate in the future, it is advisable to start using the HTTP and DNS methods available in ACME. In environments where it is not suitable or possible to expose HTTP services directly to the internet, the DNS-01 method is often used.

DigiCert provides extensive documentation for integrating DNS-01 challenges with DC-ACME, including guides for individual DNS providers. This significantly facilitates the deployment of automation even in more complex infrastructures, including support for wildcard certificates.

An overview and technical details of DNS-01 challenges are available here: DC-ACME DNS-01 Challenge Guide.

Conclusion

The new ACME client DC-ACME offers DigiCert customers another way to introduce automated certificate management with less operational complexity. Compatibility with the ACMEv2 standard is maintained, while an officially supported tool is added directly from the certification authority.

SSLmarket customers can use this approach without complex configuration – the necessary EAB data is available in the customer account, and DC-ACME can be deployed using the official installation scripts. For organizations seeking a stable and predictable certificate automation solution, this is an interesting and practical step forward.

---