Guided TLS/SSL certificate lifecycle automation
Annual plans
As of February 24, 2026, DigiCert TLS/SSL certificate plans are one year by default. Learn more about DigiCert annual plans.
Certificate lifecycle automation reduces the time and resources needed for repetitive TLS/SSL management tasks. Automation assigns common certificate work to an agent on your web server, including generating a CSR and installing the TLS/SSL certificate. Automation reduces TLS/SSL administrative overhead, reinforces security, and mitigates the risk of business disruptions.
Why is certificate automation important?
In addition to saving time and resources (hours or days per request), automation is essential due to shorter certificate lifespans for public-facing certificates.
In 2026, the maximum validity for a public-facing certificate will be 200 days, almost half of the current 398 days. By 2029, the maximum validity will be 47 days—less than 2 months. That means you need to renew and reinstall your TLS/SSL certificate at least seven times each year.
How easy is certificate automation?
If your server admin team has the skill to install a TLS/SSL certificate, you already have the resources to install a client on your server that does the work for you. Also, automation client management is a one-time setup with minimal maintenance later. Before you get started, check the system and knowledge requirements for automation.
If you're new to certificate automation, CertCentral guides you through the setup process. Even if you're more experienced, our guided automation setup helps configure your credentials and client commands. And if you're do-it-yourself or need a more scalable automation solution, see automate certificate lifecycle.
How does CertCentral guided certificate automation work?
DigiCert TLS/SSL automation is based on the ACME protocol (Automated Certificate Management Environment). ACME is one of the most common and robust forms of certificate lifecycle automation. No regular manual maintenance is required following initial setup.
Configure your certificate — Identify your domain, organization, and contacts.
CertCentral generates your ACME instructions — Create the unique command or credentials needed to automate your certificate.
Set up the CertCentral automation agent (or your own ACME client) — By default, DigiCert recommends the CertCentral automation agent. When you generate the automation command for this agent, the command installs the agent and configures automation. If you prefer a third-party ACME client such as Certbot, install the client on your web server and run the ACME instructions generated for you.
Let DigiCert and ACME automatically issue, install, and renew your certificate While you manage the rest of your business.