Skip to main content

Third-party ACME integration

With CertCentral, you can use your preferred third-party ACME client to automate certificate deployments and reduce your TLS administration overhead.

CertCentral's ACME implementation lets you automate both public and private DV and OV/EV certificates for short validity or multi-year deployments. CertCentral also supports the Signed HTTP Exchange certificate extension, so you can automate your Signed HTTP Exchange certificate deployments via ACME.Add ACME credentials in CertCentral

Before you begin

Make sure these prerequisites are met before using CertCentral ACME services to manage certificates:

Warning

Any ACME OV/EV certificate request for a non-validated organization will fail, requiring you to download and install the certificate yourself. Make sure the OV/EV product is listed in the "Validated for" column of the Certificates > Organizations page before requesting that type of certificate through ACME. Contact DigiCert Validation Support if you need help validating your organization.

Domain validation

  • For DV certificates, domain control validation checks are always performed dynamically through the ACME protocol.

  • For OV/EV certificates, if the domain is prevalidated, CertCentral performs domain validation checks itself, out-of-band and independent of the ACME protocol. If the domain is not prevalidated in CertCentral, domain validation checks are performed dynamically through the ACME protocol.

Warning

Domain validation for OV/EV certificates works differently when using legacy ACME credentials created before January 30, 2024. For details, see: Use legacy CertCentral ACME credentials