시스템 및 네트워크 요구 사항

DigiCert ACME 자동화 에이전트를 설치하기 전에 시스템과 네트워크가 최소 요구 사항을 충족하는지 확인하십시오.

중요

To avoid conflicts, do not install a DigiCert sensor and agent on the same system. Use a dedicated host for the sensor.

시스템 요구 사항

ACME 에이전트 소프트웨어는 Linux 및 Windows 시스템에서 실행되며 다음 요구 사항이 있습니다.

Server type	Supported OS versions	Minimum specifications
Windows	Windows 10 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2025 Standard	64비트 버전 2GB RAM(4GB RAM 권장) 2GB 여유 디스크 공간(최소) Microsoft .NET Framework 4.x installed Administrator privileges
Linux	Red Hat Enterprise Linux 7.x Red Hat Enterprise Linux 8.x Red Hat Enterprise Linux 9.x Ubuntu 20.04 or later	64비트 버전 및 US 로캘 필요 2GB RAM(4GB RAM 권장) 2GB 여유 디스크 공간(최소) CLI utilities `awk`, `grep`, `sed`, `lsof`, and `dos2unix` installed Root privileges

네트워크 요구 사항

The DigiCert agent on each host must be able to resolve the fully qualified domain names (FQDNs) for the local web server, either via DNS or a local "hosts" file.

HTTPS(포트 443)에 대한 아웃바운드 연결.

Region	Platform URLs¹	TCP port	Protocol
Americas (U.S.A.)	`one.digicert.com`, `clientauth.one.digicert.com`	443	HTTPS
APJ (Japan)	`one.digicert.co.jp`, `clientauth.one.digicert.co.jp`	443	HTTPS
EMEA (Netherlands)	`one.nl.digicert.com`, `clientauth.one.nl.digicert.com`	443	HTTPS
EMEA (Switzerland)	`one.ch.digicert.com`, `clientauth.one.ch.digicert.com`	443	HTTPS
_{1. For users with an on-premises DigiCert ONE deployment, the agent needs to access port 443 (HTTPS) on the local DigiCert ONE instance and ClientAuth host (for example, my-org.one.digicert.com and my-org.clientauth.digicert.com).}

In addition, the agent requires outbound access to the below host for Trust Lifecycle Manager discovery and automation services:

Region	URL	TCP port	Protocol
All regions	`automation-service.digicert.com`¹	443	HTTPS
_{1. This service is delivered through a content distribution network (CDN) and the IP addresses may vary by region. If your organization uses IP-based allowlists, look up the automation-service.digicert.com host in your local region to determine which IP addresses to allow.}

참고

If using a local DigiCert® sensor as proxy, the agent must also be able to connect outbound to the proxy listening port on the sensor. To learn more, see Use a sensor as a proxy server.

Loopback ports

To support automated certificate delivery, the agent binds to the following loopback port(s) on the local host. To adjust the loopback port numbers for an installed agent, edit the applicable configuration file/parameter in the agent conf sub-directory and restart the agent service.

Loopback port	Description	Agent conf file	Configuration parameter
58080	Local communications port for the plugin manager process used to manage certificate delivery events for Trust Lifecycle Manager.	config.toml	`ControlPort`
61613	Local communications port for Simple (or Streaming) Text Oriented Messaging Protocol (STOMP). Used for message queuing between the main agent process and the plugin manager process.	config.toml	`StompPort`

What's next

To install an agent on a single server, see: Install and activate a DigiCert agent.
To bulk install agents on multiple servers at once, see: Install DigiCert agents in silent mode.
If your organization has a private on-premises instance of DigiCert ONE, make sure you meet the additional requirements to use DigiCert agents for certificate lifecycle automation.