Automation of TLS certificate issue and installation (ACME protocol)
Certificates for SSL/TLS secured connection can be obtained automatically in just a few seconds. Certificates can also be installed on the server in automated fashion with no steps necessary from you. SSL Market now makes managing your SSL/TLS certificates even easier.
What is ACME protocol
ACME protocol allows communication with the CA directly from the server and makes the certificate issue and installation process fully automatic. ACME client thus allows the certificate to be installed with no help from the administrator, which saves both your time and money.
Certificate issuing process
Before using the ACME protocol for DigiCert certificates, it is necessary to contact us first. In the first step we will verify both your company and domains for which the certificates will be issued.
Once the verification process is done, we will send you so-called "ACME Directory URL", which is unique for each customer and product. After calling this URL, the certification authority will know what certificate to issue and who will be its recipient (domains are specified as a parameter in the ACME request).
After obtaining this ACME URL, you can issue the certificate for specified domains. The whole process takes just a few seconds. This certificate’s issue will be fully automated with no steps necessary from you.
DigiCert currently allows OV and EV certificates to be issued through ACME, not DV certificates with domain verification. However, these will be available via ACME during March 2023 (they are currently in beta testing).
Tutorials for ACME agents
ACME protocol is platform-independent; this allows you to find an ACME client in virtually every major programming or scripting language. For those of our customers running commercial web servers, the most relevant clients will be for Linux (Apache, nginx) and Windows Server. We have conducted detailed testing and it resulted in the following recommendations:
Web server Linux
In order to use the ACME protocol on Linux server, we recommend ACME client called Certbot, which can install certificates automatically on Apache, nginx and other common webservers. You just need to install appropriate plugin. Certbot works reliably for both Apache and nginx, therefore we can recommend it for commercial deployment as well. There are no known difficulties with this setup. You can learn more in the How to obtain TLS certificate using ACME protocol on Linux tutorial.
Windows Server and IIS
The popular Certbot is designed for Linux and you cannot use it on a Windows server. We have been looking for an option to recommend for ACME for you on Windows Server with IIS and we recommend win-acme. We have tested the functionality of this client and can recommend it for Windows Server and IIS. You can find more information and instructions in the article Take advantage of ACME automation on a Windows Server as well.