Automation of TLS certificate issue and installation (ACME protocol)
Certificates for SSL/TLS secured connection can be obtained automatically in just a few seconds. Certificates can also be installed on the server in automated fashion with no steps necessary from you. SSL Market now makes managing your SSL/TLS certificates even easier.
What is ACME protocol
ACME protocol allows communication with the CA directly from the server and makes the certificate issue and installation process fully automatic. ACME client thus allows the certificate to be installed with no help from the administrator, which saves both your time and money.
Certificate issuing process
Before using the ACME protocol for DigiCert certificates, it is necessary to contact us first. In the first step we will verify both your company and domains for which the certificates will be issued.
Once the verification process is done, we will send you so-called "ACME Directory URL", which is unique for each customer and product. After calling this URL, the certification authority will know what certificate to issue and who will be its recipient (domains are specified as a parameter in the ACME request).
After obtaining this ACME URL, you can issue the certificate for specified domains. The whole process takes just a few seconds. This certificate’s issue will be fully automated with no steps necessary from you.
DigiCert currently allows ACME protocol issuing for OV and EV certificates, DV certificates with domain verification are currently not allowed, however it will be possible in the future.
Tutorials for ACME agents
ACME protocol is platform-independent; this allows you to find an ACME client in virtually every major programming or scripting language. For those of our customers running commercial web servers, the most relevant clients will be for Linux (Apache, nginx) and Windows Server. We have conducted detailed testing and it resulted in the following recommendations:
Web server Linux
In order to use the ACME protocol on Linux server, we recommend ACME client called Certbot, which can install certificates automatically on Apache, nginx and other common webservers. You just need to install appropriate plugin. Certbot works reliably for both Apache and nginx, therefore we can recommend it for commercial deployment as well. There are no known difficulties with this setup.
Windows Server and IIS
To use ACME on Windows Server with IIS, you can use, for example Posh-ACME. Posh-ACME client. We are still testing Posh-ACME client, thus we cannot confidently recommend it for commercial purposes yet.