Skip to main content

Automation agent configuration file parameters

Default configuration file example

# DigiCert ACME Client Configuration File
# Generated automatically with comprehensive documentation
# Modify values below according to your requirements

# Basic ACME settings (required for most operations)
directory_url = "https://one.digicert.com/mpki/api/v1/acme/v2/directory"
email = "admin@example.com"
eab_key = "your-eab-key"
eab_hmac = "your-eab-hmac"

# Certificate defaults (optional - uses smart defaults if not specified)
[certificate]
key_type = "RSA"                    # Options: RSA, ECDSA, EdDSA
key_size = 2048                     # RSA: 2048/3072/4096, ECDSA: 256/384/521
signature_algorithm = "SHA256WithRSA"  # Auto-selected based on key type
# organizations = ""                # Comma-separated list
# org_units = ""                    # Comma-separated list  
# countries = ""                    # ISO 3166-1 alpha-2 codes
# states = ""                       # State or province names
# localities = ""                   # City or locality names
# key_usages = ""                   # Standard key usage extensions
# ext_key_usages = ""               # Extended key usage extensions

# Challenge preferences (optional)
[challenge]
type = "http-01"                    # Options: http-01, dns-01
handler_name = "standalone"         # Handler implementation
# handler_args = ""                 # Handler-specific arguments

# Installer preferences (optional)
[installer]
handler_name = "filesystem"         # Default installer type
# handler_args = ""                 # Installer-specific arguments

# Service settings (optional)
[service]
log_level = "info"                  # Options: error, info, debug
auto_renew = false                  # Enable automatic renewal
auto_ari_renew = false              # Enable ARI-based renewal
auto_renew_days = 30                # Days before expiry to renew
# cert_store_path = ""              # Override default cert storage

Configuration settings reference

Global

  • directory_url - ACME server directory endpoint

  • email - Email address for ACME account registration

  • eab_key - External account binding key from DigiCert

  • eab_hmac - External account binding HMAC from DigiCert

Certificates

  • key_type - Private key algorithm (RSA, ECDSA, EdDSA)

  • key_size - Key size in bits (context-aware defaults)

  • signature_algorithm - Certificate signature algorithm (auto-selected)

  • organizations - Subject organization names

  • org_units - Organizational unit names

  • countries - Country codes (ISO 3166-1 alpha-2)

  • states - State or province names

  • localities - City or locality names

  • key_usages - Standard X.509 key usage extensions

  • ext_key_usages - Extended key usage extensions

Challenge (domain control validation)

  • type - Challenge validation method (http-01, dns-01)

  • handler_name - Challenge handler implementation

  • handler_args - Handler-specific configuration arguments

Installer

  • handler_name - Certificate installer implementation

  • handler_args - Installer-specific configuration arguments

Service

  • log_level - Logging verbosity (error, info, debug)

  • auto_renew - Enable automatic time-based renewal

  • auto_ari_renew - Enable ARI-based renewal optimization

  • auto_renew_days - Renewal threshold in days before expiration

  • cert_store_path - Override default certificate storage location

  • default_timeout - Default operation timeout in seconds

  • max_retries - Maximum retry attempts for incomplete operations

本节内容如下: