Skip to main content

Quick start: Automate your certificate with the CertCentral automation agent

This quick start guide walks you through automating (requesting, installing, and renewing) a DigiCert TLS/SSL certificate on your web server using a simple command-line setup. With these few steps, you can generate and run the required CLI command and secure your website with minimal hassle.

重要

Automating your certificate environment is increasingly important and necessary to save time and resources. As the maximum validity period of TLS/SSL certificates decreases, the number of times you'll need to renew and reinstall a certificate every year increases.

  1. Check system and resource requirements before you start. You should be familiar with command line and web server admin tools to complete these steps.

  2. If you don't have a CertCentral subscription with available certificates, add a TLS/SSL certificate subscription.

  3. Find the certificate type you want to install on your web server.

    1. On your DigiCert CertCentral dashboard, select My subscription.

    2. Select the CertCentral tile.

    3. Select the certificate type with available domains that you want to request a certificate for.

    4. Select the More actions menu (three vertical dots) at the end of the row and select Request a certificate.

  4. Start your certificate automation request.

    1. On the automation introduction page, select Automate now!.

    2. Provide your certificate and server information.

    3. Select the CertCentral automation agent as your ACME client.

    4. Generate the automation command.

      重要

      Don't forget to save this command

      This unique command and the embedded authentication credentials can't be regenerated or shown again.

      1. Automation command example (for Apache on Linux)
      curl https://automation-service.digicert.com/dc-acme/1.0.0/linux/install.sh | sudo bash -s -- request enroll \
--directory-url "https://one.digicert.com/mpki/api/v1/acme/v2/directory" \
--email "john.smith@mycompany.com" \
--eab-key "4f6QE0_IhSvoDS1KxJwf1hCFWLEw9KcyROu7AbbHOuA" \
--eab-hmac "YWIwY2I1YWY2MDY5NTZjM2ZmNTE5NzYxMjA3YmU3NjNhYmM2YmI0NjJmNTk3MzRhMTkzMjhkMTk0ZmE5OWI0YQ" \
--cn "mycompany.com" \
--key-type "RSA" \
--challenge-type "http-01" \
--challenge-handler-name "apache" \
--installer-handler-name "apache" \
--installer-handler-args "identifier=mycompany.com"

  5. Run the automation command on your web server to install the CertCentral automation agent. Then the CertCentral automation agent does the rest:

    • Generates the certificate signing request (CSR) and submits the certificate request based on the certificate options you provided.

    • Performs organization and domain validation.

    • Receives and installs the certificate when issued.

    提示

    See the CertCentral automation agent operational specification for more technical details on the automation command parameters and ACME operations.

  6. Validate successful installation and configuration:

    • In your web server's admin interface.

    • On your website. Check site information in the address bar for the lock icon or other indication of a secure connection.

    • With the DigiCert SSL Certificate Checker.

本节内容如下: