Configure automation agent to use a custom ACME client

With managed automation, you can use a DigiCert-provided ACME client, or you can configure the agent to use your own ACME client. To use a custom ACME client, you need to specify the client command path and arguments when configuring the automation agent.

Set up steps

To use your own ACME client, do the following:

  1. Write a shell script (.sh) or a batch file (.bat), depending on the platform, that contains the request command for the ACME client.
  2. Define the application in the console as “custom”.
  3. Define the script location path and arguments in the console so that the agent can execute the script.

Make sure the command path meets the following requirements:

  • Must end with .bat or .sh.
  • Must not be more than 255 characters.
  • Must not include any privileged commands or special directives like rm -rf or rmdir.

Make sure the command arguments meet the following requirements:

  • Must include the mandatory parameters.
  • Must not exceed 512 characters.
  • Must not include any privileged commands or special directives like rm -rf or rmdir.

Configure ACME client

  1. In your CertCentral account, in the left main menu, go to Automation > Manage automation.
  2. On the Manage automation page, click the agent name.
  3. In the agent details panel on the right, drill down to the Configure IP/Port section.
  4. For any configured IP/Port, select “Custom” as the application.
  5. In the client command path, provide the full directory path for the script that will run your custom ACME client.

    For example:

    • Windows: G:\certcentral\agent\custom_acme_client.bat
    • Linux: /home/certcentral/agent/custom_acme_client.sh
  6. In the client command arguments field, specify the ACME client arguments included in the script for your custom client.

    CertCentral automation supports the following ACME arguments:

    • {acmeDirectoryUrl} – Pass specific ACME directory URLs.
    • {host} – Specify the host details.
    • {email} – Specify the email address.
    • {key} – Specify key algorithm: RSA or ECC.

    For example:

    {acmeDirectoryUrl} {hosts} {email} {key}

  7. Save the configuration changes.
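
As an added example (not DigiCert's script), the Linux wrapper from step 1 of the setup could look like the following. It assumes certbot with its standalone authenticator as the custom client, the argument string `{acmeDirectoryUrl} {hosts} {email} {key}` with hosts comma-separated, and a hypothetical `ACME_DRY_RUN` variable that prints the command instead of running it.

```shell
#!/bin/sh
# custom_acme_client.sh: added example, not DigiCert's script.
# Assumed agent arguments: {acmeDirectoryUrl} {hosts} {email} {key}
# Assumed client: certbot, standalone authenticator, hosts comma-separated.

reject() { echo "custom_acme_client: $1" >&2; return 2; }

# Map the agent's key value (RSA or ECC) to certbot's --key-type value.
certbot_key_type() {
    case "$1" in
        RSA) echo rsa ;;
        ECC) echo ecdsa ;;
        *)   return 2 ;;
    esac
}

# Allow-list each argument so nothing can be read as an option or shell syntax.
validate_args() {
    [ "$#" -eq 4 ] || { reject "expected 4 arguments, got $#"; return 2; }
    case "$1" in
        *[!A-Za-z0-9:/._~-]*) reject "bad character in directory URL"; return 2 ;;
        https://?*) ;;
        *) reject "directory URL must be https"; return 2 ;;
    esac
    case "$2" in
        ''|-*|*[!A-Za-z0-9.,*-]*) reject "invalid host list"; return 2 ;;
    esac
    case "$3" in
        -*|*[!A-Za-z0-9@._+-]*) reject "invalid email"; return 2 ;;
        ?*@?*) ;;
        *) reject "invalid email"; return 2 ;;
    esac
    certbot_key_type "$4" >/dev/null || { reject "key must be RSA or ECC"; return 2; }
}

# Build the certbot command; print it when ACME_DRY_RUN (hypothetical) is set, else run it.
request_cert() {
    validate_args "$@" || return $?
    set -- certbot certonly --non-interactive --agree-tos --standalone \
        --server "$1" -d "$2" --email "$3" --key-type "$(certbot_key_type "$4")"
    if [ -n "${ACME_DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The agent always passes arguments; with none, only the functions are defined.
if [ "$#" -gt 0 ]; then request_cert "$@"; exit $?; fi
```

Every argument is passed to the client quoted and only after it matches its allow-list, so a value that starts with a dash or contains shell metacharacters is rejected with exit status 2 before certbot runs.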

What's next?

After you have saved the configuration, go back to CertCentral to run the ACME automation agent.