Automation agent configuration file and defaults
The ACME-based CertCentral automation agent supports intelligent defaults, persistent settings, and flexible configuration management options. This dynamic system simplifies management of required command line arguments while providing broad control over all aspects of certificate lifecycle management.
Configuration file defaults
Creation
The default configuration file is automatically created during:
Service installation (
dc-acme service --install)Service startup, if missing
First use through the
--use-default-configflag
Format and location
The CertCentral automation agent uses a TOML-formatted configuration file for persistent settings.
Linux -
/var/digicert/acme-client/config/dc-acme.tomlWindows -
C:\Program Files\DigiCert\AcmeClient\config\dc-acme.toml
Smart configuration setting defaults
The CertCentral automation agent uses these default certificate request and issuance settings:
RSA certificates: Automatically use 2048-bit keys with
SHA256WithRSAsignature algorithmECDSA certificates: Automatically use 256-bit keys with
SHA256WithECDSAsignature algorithmEdDSA certificates: Automatically use
EdDSAsignature algorithmChallenge type: Defaults to
http-01withstandalonehandlerInstaller: Defaults to
filesystemfor broad compatibilityRenewal: Auto-ARI by default
Context-aware configuration
The service automatically adjusts related settings based on your choices:
Selecting
--key-type ECDSAautomatically sets appropriate key size (256) and signature algorithmSelecting
--key-type EdDSAautomatically sets EdDSA signature algorithmAll combinations are validated to prevent mismatched configurations
View current defaults
Use the --defaults flag to see all current default values:
# Linux
curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- --defaults
# Windows
iex ((New-Object System.Net.WebClient).DownloadString('https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1')); Install-DigicertAcmeClient --defaults