Understand lifecycle action behavior
ACME requests follow the lifecycle rules defined by the associated certificate profile. When an ACME client submits a request, CertCentral evaluates it and determines the appropriate action:
If the request matches an existing order, CertCentral applies the default lifecycle action for that account type
If no matching order exists, CertCentral treats the request as a new certificate enrollment
If the ACME directory URL includes a lifecycle action parameter, CertCentral performs the specified action regardless of the default
Auto-detection rules for matching existing orders
CertCentral uses the following rules to match an ACME request to an existing order:
The existing order must have been issued through ACME
The product name, common name, and SANs must match the existing order
For wildcard orders: requested domains can be subdomains of an existing order and SANs can be added or removed
For non-wildcard orders: common name and SANs must exactly match the original order
If multiple orders match, CertCentral selects the one with the longest validity and a matching product type from the certificate profile
If no matching order is found, the request is treated as a new enrollment
Default lifecycle actions by account type
For Authkey-enabled accounts: DV certificate automation requests are approved and issued immediately. For non-Authkey accounts: DV automation requests move to Approval pending status until DCV is complete.
For standard plans: CertCentral renews the certificate if it is within the certificate renewal window. For Multi-year Plans: CertCentral reissues the certificate to use remaining plan coverage.
Approval behavior
If approval is required and not automatically granted, the request remains in Approval pending status until validation or approval is complete.
What's next
Maintain credential integrity to protect ACME credentials and ensure uninterrupted automation workflows