Automation service overview
Let op
Retiring Managed Automation in CertCentral
On October 1, 2026, DigiCert will retire the Managed Automation service in CertCentral. To continue using managed automation after this date, use DigiCert® Trust Lifecycle Manager.
A Trust Lifecycle Manager Advanced subscription is required for managed automation.
Learn about moving Managed Automation to Trust Lifecycle Manager
Note: API and ACME automation are still supported in CertCentral.
CertCentral automation is a suite of tools designed to simplify certificate lifecycle management from initial CSR generation through installation and ongoing renewal. With automation enabled, CertCentral manages certificate requests, installations, renewals, and reissues from a centralized location.
Automation is designed to be flexible and scalable. It supports certificate management for both standard hosts and network appliances, uses the industry-standard ACME protocol, and provides API calls for custom integrations.
Notice
Automation features must be enabled for your account before use. Contact your DigiCert sales representative or account manager to enable automation.
Automation supports the following actions
Enroll: request and install a new certificate on a host or appliance
Renew: renew a certificate approaching expiration and install the renewed certificate automatically
Reissue: reissue a certificate that is missing or has been revoked and install the reissued certificate automatically
Replace: replace a certificate issued by a non-DigiCert certificate authority with a DigiCert certificate
Notice
Certificate revocation cannot be entirely automated as a security precaution. CertCentral provides quick access to order pages for automated certificates to allow administrators to revoke certificates manually when required.
Supported environments
Out of the box, managed automation supports TLS certificate management for the following:
Web servers: Microsoft IIS, Apache HTTP Server, Apache Tomcat, Nginx, IBM HTTP Server
Network appliances: F5 BIG-IP LTM, Citrix ADC, A10, Amazon ELB, CloudFront
Cloud key management services: Microsoft Azure Key Vault
In addition, automation supports:
Third-party ACME clients such as EFF Certbot and Kubernetes cert-manager
Custom applications via shell script integration
DigiCert API library for custom integrations
Automation paths at a glance
Path | Best for | Automation client | Supported after Oct 1, 2026 |
|---|---|---|---|
Managed: ACME agent | Web servers (Apache, IIS, NGINX) | DigiCert ACME agent | No — migrate to TLM |
Managed: Sensor-based | Network appliances and load balancers (F5 BIG-IP) | DigiCert sensor | No — migrate to TLM |
Third-party ACME client | Environments where you manage your own ACME client (Certbot, Ansible, cert-manager) | Certbot, Ansible, Kubernetes cert-manager, or any ACME-compatible client | Yes |
Automation API | Custom applications that trigger automation programmatically | CertCentral API | Yes |
What's next
Review deployment options to determine whether ACME agent-based, sensor-based, or third-party ACME client automation fits your environment