Skip to main content

Guided TLS/SSL certificate lifecycle automation

Certificate lifecycle automation reduces the time and resources you need for repetitive, human-dependent TLS/SSL management tasks. Automation assigns common certificate work, such as generating a certificate signing request (CSR) and installing the TLS/SSL certificate, to an agent on your web server. Automation reduces TLS/SSL administrative overhead, reinforces security, and mitigates the risk of business disruptions.

Why is certificate automation important?

In addition to saving time and resources (hours or days per request), automation is essential due to shorter certificate lifespans for public-facing certificates.

In 2026, the maximum validity for a public-facing certificate will be 200 days, almost half of the current 398 days. By 2029, the maximum validity will be 47 days—less than 2 months. That means you'll need to renew and reinstall your TLS/SSL certificate at least 7 times each year.

How easy is certificate automation?

If your server admin team has the skill to install a TLS/SSL certificate, you already have the resources to install a client on your server that does the work for you. Also, automation client management is a one-time setup with minimal maintenance later. Before you get started, check the system and knowledge requirements for automation.

If you're new to certificate automation, CertCentral guides you through the setup process. Even if you're more experienced, our guided automation setup helps configure your credentials and client commands. And if you're do-it-yourself or need a more scalable automation solution, see our advanced certificate lifecycle automation help.

How does CertCentral guided certificate automation work?

DigiCert TLS/SSL automation is based on the ACME protocol (Automated Certificate Management Environment). ACME is one of the most common and robust forms of certificate lifecycle automation. No regular manual maintenance is required following initial setup.

  1. Configure your certificate

    Identify your domain, organization, and contacts.

  2. CertCentral generates your ACME instructions

    Create the unique command or credentials that you need to automate your certificate.

  3. Set up the CertCentral automation agent (or your own ACME client)

    By default, we recommend the CertCentral automation agent. When you generate the automation command for this agent, the command installs the agent and configures automation.

    If you prefer a third-party ACME client (such as Certbot), you'll need to install the client on your web server. You can then run the ACME instructions we generate for you on your preferred client.

  4. Let DigiCert and ACME automatically issue, install, and renew your certificate

    While you manage the rest of your business.

In this section: