- DigiCert product docs
- CertCentral
- 憑證工具
- Guided TLS/SSL certificate lifecycle automation
- CertCentral automation agent operational specification
- Install the CertCentral automation service
Install the CertCentral automation service
You can install the CertCentral automation agent on your web server with or without an immediate certificate request. If you're new to using this service, we recommend running the automation command that you generate in CertCentral, which includes the certificate request.
If you're familiar with web server administrative tools, and you want to test the service, install the CertCentral automation agent without requesting a certificate.
Installation directories
Example 1. Linux
Installation:
/usr/local/Digicert/AcmeClient/Binary:
/usr/local/Digicert/AcmeClient/bin/dc-acmeSymlink:
/usr/local/bin/dc-acme
Example 2. Windows
Installation:
C:\Program Files\Digicert\AcmeClient\Binary:
C:\Program Files\Digicert\AcmeClient\bin\dc-acme.exePATH: Automatically added to system PATH
Installation without ACME operations
Install the service without requesting a certificate.
Example 3. Linux
curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash
Example 4. Windows
PowerShell one-liner
iex ((New-Object System.Net.WebClient).DownloadString('https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1')); Install-DigicertAcmeClientAlternative PowerShell execution
# Download and save script first Invoke-WebRequest -Uri "https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1" -OutFile "install.ps1" # Execute with any dc-acme arguments .\install.ps1; Install-DigicertAcmeClient request enroll ` --directory-url "https://one.digicert.com/mpki/api/v1/acme/v2/directory" ` --email "admin@example.com"
Installation with ACME operations
Install the service and request your certificate through standard ACME operations.
Example 5. Linux
# Get general help with improved default information curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- --help # View all default configuration values curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- --defaults # Get request help with default values shown curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- request --help # Basic certificate enrollment (uses intelligent defaults: RSA 2048, http-01, standalone, filesystem) curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- \ request enroll \ --directory-url https://one.digicert.com/mpki/api/v1/acme/v2/directory \ --email admin@example.com \ --cn example.com # ECDSA certificate with smart defaults (automatically uses ECDSA 256, SHA256WithECDSA) curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- \ request enroll \ --directory-url https://one.digicert.com/mpki/api/v1/acme/v2/directory \ --email admin@example.com \ --cn example.com \ --key-type ECDSA # Complete enrollment with all options curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- request enroll \ --directory-url https://one.digicert.com/mpki/api/v1/acme/v2/directory \ --email admin@example.com \ --eab-key your-eab-key \ --eab-hmac your-eab-hmac \ --cn example.com \ --sans www.example.com,api.example.com \ --challenge-type http-01 \ --challenge-handler-name standalone \ --installer-handler-name filesystem \ --installer-handler-args "cert_file_extension=pem"
Example 6. Windows
# Get general help
iex ((New-Object System.Net.WebClient).DownloadString('https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1')); Install-DigicertAcmeClient --help
# View default configuration values
iex ((New-Object System.Net.WebClient).DownloadString('https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1')); Install-DigicertAcmeClient --defaults
# Get request help
iex ((New-Object System.Net.WebClient).DownloadString('https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1')); Install-DigicertAcmeClient request --help
# Basic certificate enrollment (uses intelligent defaults)
iex ((New-Object System.Net.WebClient).DownloadString('https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1')); `
Install-DigicertAcmeClient request enroll `
--directory-url "https://one.digicert.com/mpki/api/v1/acme/v2/directory" `
--email "admin@example.com" `
--cn "example.com"
# ECDSA certificate with smart defaults
iex ((New-Object System.Net.WebClient).DownloadString('https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1')); `
Install-DigicertAcmeClient request enroll `
--directory-url "https://one.digicert.com/mpki/api/v1/acme/v2/directory" `
--email "admin@example.com" `
--cn "example.com" `
--key-type "ECDSA"
# Complete enrollment with EAB and custom handlers
iex ((New-Object System.Net.WebClient).DownloadString('https://automation-service.digicert.com/dc-acme/1.0.0/windows/install.ps1')); `
Install-DigicertAcmeClient request enroll `
--directory-url "https://one.digicert.com/mpki/api/v1/acme/v2/directory" `
--email "hello@digicert.com" `
--eab-key "2d_1Ox4qYrFJukQ0mVKAfzspqr9POoEcGzunZhXcMFQ" `
--eab-hmac "MTE4Y2ViZGUyMDg3YTA2ZjA5MzFlMTIzY2Q1ZjljNmU1NmEwNDUzOTkxYzhlZTI0ZGMzZTllNDgzMWY1MTczMQ" `
--cn "clienttest.ab.com" `
--challenge-type "http-01" `
--challenge-handler-name "standalone" `
--installer-handler-name "filesystem" `
--installer-handler-args "cert_file_extension=pfx,pfx_password=abc123":