CertCentral automation agent operational specification
These reference articles provide technical details for CertCentral automation command parameters and operations. This reference includes specifications and descriptions for both the CertCentral automation service and for common ACME operations.
When you start a certificate request in CertCentral, CertCentral generates the automation command for you. You run the automation command on your web server to install the ACME-based CertCentral automation agent. Then the agent submits the certificate request to DigiCert and receives and installs the certificate for you.
Automation command example
A typical default CertCentral automation command for Linux and Apache is constructed like this:
curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- request enroll \ --directory-url "https://one.digicert.com/mpki/api/v1/acme/v2/directory" \ --email "john.smith@mycompany.com" \ --eab-key "4f6QE0_IhSvoDS1KxJwf1hCFWLEw9KcyROu7AbbHOuA" \ --eab-hmac "YWIwY2I1YWY2MDY5NTZjM2ZmNTE5NzYxMjA3YmU3NjNhYmM2YmI0NjJmNTk3MzRhMTkzMjhkMTk0ZmE5OWI0YQ" \ --cn "mycompany.com" \ --key-type "RSA" \ --challenge-type "http-01" \ --challenge-handler-name "apache" \ --installer-handler-name "apache" \ --installer-handler-args "identifier=mycompany.com"
Automation command general operation
When you run the CertCentral automation command on your web server, the command performs these actions:
Checks if the
DigicertAcmeClientservice exists.If the automation service exists, we verify the service is running or start the service if not running. No additional download required.
If the automation service doesn't exist, we download the
dc-acme.zippackage and then automatically extract, install, and start the service.
Runs the ACME operations defined in the automation command with specified and default options.
Automatically cleans up temporary files when all operations are complete.