Skip to main content

Before you automate: prerequisites and limitations

Before configuring automation in CertCentral, confirm that your account, environment, and validation requirements are ready. Automation behavior depends on your account type, user role, payment configuration, and validation state.

Identify your account type

Your account type determines navigation paths, available user roles, and certificate coverage model. Check the menu identifiers in CertCentral to confirm your account type:

Account type

Menu identifiers

Coverage model

Subscription

Shop DigiCert Products, My Digital Trust Products

12-month subscription per protected asset. No Annual Plans or Multi-year Plans

Enterprise

Request a Certificate, Certificates. CertCentral Enterprise logo

Annual Plans and Multi-year Plans. Up to five user roles

Partner

Request a Certificate, Certificates. CertCentral Partner logo

Annual Plans and Multi-year Plans. Reseller and subaccount management

Legacy

Request a Certificate, Certificates. No suffix on logo

Transitioning to Subscription model

For a full explanation of account types, see Understand how CertCentral works.

Confirm account enablement

Automation features must be enabled for your account before use. If automation menus do not appear in the left navigation, contact your DigiCert sales representative or account manager to enable automation.

Users restricted to single sign-on (SSO) authentication may be unable to generate the required automation credentials. Before configuring automation, confirm that your account supports API key generation.

Confirm your user role and permissions

You must have Administrator or Manager access to install and configure automation clients. Root or administrator access on the host system is also required to install ACME agent and sensor software.

Confirm supported certificate types

Automation supports eligible TLS certificates issued in CertCentral. Behavior varies by certificate type:

  • DV certificates: Support automated issuance when validation conditions are satisfied. Authkey-enabled accounts approve and issue DV certificate automation requests immediately. Non-Authkey accounts place DV automation requests in Approval pending status until DCV is complete.

  • OV and EV certificates: Require completed organization validation before automated issuance.

  • Prevalidated domains: Allow streamlined automation workflows with faster issuance.

Automation does not bypass domain control validation or organization validation requirements.

Confirm payment configuration

  • Auto-renew and automated renewal require an account balance. Credit card payment is not supported for automated renewal.

  • Azure Key Vault and some integration-driven automation models require account credit as the default payment method.

  • Subscription accounts pay per protected asset. No per-certificate payment is required at request time.

Confirm system and network requirements

The ACME agent must be installed on the same system as the automated TLS certificates. The agent requires the following:

  • Outbound connection to HTTPS on port 443

  • Outbound connection to IP address 216.168.244.42 for acme.digicert.com and daas.digicert.com

  • Ability to resolve fully qualified domain names for the local web server via DNS or a local hosts file

If the agent connects through a DigiCert sensor as proxy, confirm the following communication port is open on the sensor:

  • Port 8080 for sensor version 3.8.46 and older

  • Port 48999 for sensor version 3.8.47 and newer

Confirm automation limitations

  • Deployment automation requires supported environments such as agent-based hosts or sensor-managed appliances

  • DNS integrations applied to automation profiles may inherit or override validation behavior based on profile configuration

  • Automated issuance behavior varies depending on approval settings and validation state

  • Certificate revocation cannot be entirely automated as a security precaution

What's next

  • To generate ACME credentials before configuring an ACME client or third-party tool: Create and manage ACME credentials to create External Account Binding credentials and associate them with a certificate profile

  • To install and configure managed automation agents and sensors on your hosts: Set up managed automation to install ACME agents and sensors and create automation profiles for certificate deployment

In questa sezione: