
Configure an ACME automation agent

After installing and activating an ACME agent on a certificate host, configure it in CertCentral to specify which applications will have certificates managed by the agent.

Configure application settings

  1. In the CertCentral main menu, go to Automation > Manage automation.

  2. In the Name column, select the agent you want to configure.

  3. The automation configuration panel opens on the right.

  4. In the Configure IP/Port section, locate the local applications listed by IP address and TCP port number.

  5. For each application you want to automate, select the correct application name and version.

  6. For applications you want to exclude from automation, set the application to Ignore.

    Alternatively, select Ignore all not configured IP/Ports at the top of the section to exclude all unconfigured applications.

  7. To enable Server Name Indication (SNI) for automated certificates, select Enable SNI and specify the applicable domain names.

  8. Select Save.

Configure agent management settings

  1. In the CertCentral main menu, go to Automation > Manage automation.

  2. In the Managed by column, select the agent you want to manage.

  3. From the agent software management view, configure the following as required:

    • Select Suspend to pause the agent or Void to disable it permanently.

    • Update the custom name assigned to the agent.

    • Update the email address for notifications related to the agent.

    • Select whether the agent updates automatically (default) or prompts before updating.

    • Set the heartbeat communication interval for syncing with CertCentral.

    • Enable agent debug logging if required for troubleshooting.

  4. Select Save.

Set up automation for a custom application

Use the custom application option to extend certificate management to applications not natively supported by CertCentral automation.

Before you begin

  • An active DigiCert agent must be installed on the server

  • A third-party ACME client must be installed on the server

  • A shell script must be prepared to invoke the ACME client during automation events

Notice

The shell script must meet the following requirements:

  • Must include all mandatory parameters

  • Must not exceed 512 characters

  • Must not include special directives such as rm -rf or rmdir

  1. In the CertCentral main menu, go to Automation > Manage automation.

  2. In the Name column, select the agent running on the server with the custom application.

  3. In the Configure IP/Port section, locate the IP address and port for the custom application.

  4. Select Custom as the application type.

  5. Enter the required ACME arguments for the custom application.

  6. Select Save.
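A pre-flight check for the script requirements listed in the Notice above, as an added example that is not DigiCert code. The client name `my-acme-client`, its `--domain` and `--server` parameters, and the sample scripts are constructed; pass the mandatory parameter names your ACME client actually needs.

```shell
#!/bin/sh
# Added example: checks a custom-application script against the three
# requirements in the Notice before it is entered in CertCentral.

MAX_CHARS=512   # character limit stated in the Notice

# check_acme_script SCRIPT_TEXT [REQUIRED_PARAM ...]
# Prints one line per violation; returns 0 if clean, 1 otherwise.
check_acme_script() {
    script=$1; shift
    rc=0

    # Requirement: must not exceed 512 characters.
    len=${#script}
    if [ "$len" -gt "$MAX_CHARS" ]; then
        echo "too long: $len characters (limit $MAX_CHARS)"
        rc=1
    fi

    # Requirement: no special directives. Only the two directives the page
    # names are checked; it says "such as", so the full list may be longer.
    if printf '%s\n' "$script" |
        grep -Eq '(^|[^[:alnum:]_])rmdir([^[:alnum:]_]|$)'; then
        echo "forbidden directive: rmdir"
        rc=1
    fi
    # Matches rm with r and f in one option cluster (-rf, -fr, -rvf, ...).
    if printf '%s\n' "$script" |
        grep -Eq '(^|[^[:alnum:]_])rm[[:space:]]+-[[:alnum:]]*(r[[:alnum:]]*f|f[[:alnum:]]*r)'; then
        echo "forbidden directive: rm -rf"
        rc=1
    fi

    # Requirement: all mandatory parameters present (names given by caller).
    for param in "$@"; do
        case $script in
            *"$param"*) ;;
            *) echo "missing mandatory parameter: $param"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample scripts for a hypothetical client.
SAMPLE_OK='my-acme-client --domain www.example.com --server https://acme.example.test/directory'
SAMPLE_BAD='my-acme-client --domain www.example.com; rm -rf /tmp/acme-work'

check_acme_script "$SAMPLE_OK" --domain --server && echo "SAMPLE_OK accepted"
check_acme_script "$SAMPLE_BAD" --domain --server || echo "SAMPLE_BAD rejected"
```
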

What's next

  • After setting up the custom application, manage certificates for it from CertCentral in the same way as any other managed application. To learn more, see Next steps.

  • To set up automation for network appliances such as load balancers, see Install and activate a sensor.