CertCentral uses the ACME protocol to automate your certificate request on dedicated hosts, such as web servers or point-of-service devices. DigiCert recommends using your preferred ACME Client. However, we will be using EFF’s Certbot as the reference client for all examples. Implementation for other clients may vary.
Scenario
CertCentral issues certificate associated with the old ACME directory URL.
Solution
To get a certificate associated with the new ACME Directory URL, create a new directory, and provide the config-dir parameter when requesting the client.
Create a configuration directory for the new certificate.
For example:
C:\< ConfigDirectory >
Run the command specifying the configuration directory, ACME Directory URL, HMAC key, and KID parameters.
.\certbot certonly --register-unsafely-without-email --standalone -d <Domain> --config-dir <"UniqueConfigDirectoryPath"> --server <ACMEURL> --eab-kid <KIDValue> --eab-hmac-key <HMACkeyValue>
Scenario
Revoked ACME Directory URL prevents getting a certificate with the new ACME Directory URL.
Solution
To get a certificate associated with the new ACME Directory URL:
Delete the configuration directory of the previously issued certificate configured with the revoked ACME directory URL.
Create a configuration directory for the new certificate.
For example:
C:\< ConfigDirectory >
Run the command specifying the configuration directory, ACME Directory URL, HMAC key, and KID parameters.
.\certbot certonly --register-unsafely-without-email --standalone -d <Domain> --config-dir <"UniqueConfigDirectoryPath"> --server <ACMEURL> --eab-kid <KIDValue> --eab-hmac-key <HMACkeyValue>
Scenario
Timeout error
Solution
Before you place a certificate request:
Go to Certificates > Organizations.
On the Organizations page, check the validation status of the organization you have requested the certificate for.
If the organization is not validated, review the request, and resubmit for validation. For more information, see Manage organizations.
Go to Certificates > Domains.
On the Domains page, check the validation status of the domain you have requested the certificate for.
If the domain is not validated, review the request, and resubmit for validation. For more information, see Manage domains.
Go to Certificates > Requests.
On the Requests page, find and click the certificate order link to approve the request.
Go to Settings > Preferences.
On the Division Preferences page, under Advanced Settings, in the Approval Steps section, select Skip approval step: remove the approval step from your certificate order processes.