ACME Directory URLs for Signed HTTP Exchange certificates

Create an ACME Directory URL for a Signed HTTP Exchange certificate

Generate a unique ACME Directory URL for your Signed HTTP Exchange certificate in your CertCentral account. You'll need the "Signed HTTP Exchange" ACME Directory URL in your CertBot certificate request command.

Before your begin

Before creating the ACME Directory URL for your Signed HTTP Exchange certificate, make sure these prerequisites are met:

  • The domain's CAA resource record is set up properly.
  • The Signed HTTP Exchange certificate profile option is enabled for your account.

For more information, see:

Create an ACME Directory URL

  1. In your CertCentral account, in the sidebar menu, click Automation > ACME Directory URLs.

    ACME Dirrector URLs page in CertCentral

  1. On the ACME Directory URLs page, click Add ACME Directory URL.

  1. In the Add ACME Directory URL popup window, enter a friendly Name for the URL.


  1. In the Product dropdown, select the OV or EV TLS/SSL certificate you want to include in the CanSignHttpExchanges extension and issue with ACME.

Currently, the CanSignHttpExchanges extension can be included only in OV and EV TLS/SSL certificates.

  1. In the Division dropdown, associate a division to the ACME Directory URL.

All certificates issued from this URL will be attached to the selected division.

  1. In the Organization dropdown, select the prevalidated Organization you want to issue the certificate for.

  1. Under Validity period, select Custom length. In the Days box, enter a number from 1 to 90.

Per industry standards, certificates that include the Signed HTTP Exchange extension have a 90-day maximum validity limit.

  1. Expand Additional Certificate Options. Under Certificate profile options, check Include the CanSignHttpExchanges extension in the certificate.

  1. Click Add ACME Directory URL.

  1. In the New ACME Directory URL popup window, copy your unique ACME URL and save it.

    Use this URL to request your certificate with your ACME client.

When you generate an ACME Directory URL, it is displayed only once. There is no way to retrieve a lost ACME URL. If you ever lose an ACME URL, you need to revoke the lost URL and generate a new one.

  1. Click I understand I will not see this again.

What's next

Your new ACME Directory URL is added to the list of URLs on the ACME Directory URLs page (in the sidebar menu, click Automation > ACME Directory URLs).

For details about certificates you can order via the ACME Directory URL, click the information icon next to the URL Description.

Before using your ACME client to order your SSL/TLS certificate with the CanSignHttpExchanges extension, make sure you've set up your domain's CAA resource record. You also need to create an ECC CSR for your "Signed HTTP Exchange" certificate order.