Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


ACME offer by DigiCert

DigiCert ACME offer allows you to automate both public and private DV, OV and EV certificates by using your preferred third-party ACME client.

How to access the tool?

ACME is available (in Beta version) on all TBS Certificates Centers.

The pre-requisites

To use ACME you'll have to set up a pre-validation (except for the DV certs).

A pre-validation is required for each organization/certificate type (OV, EV) couple for which you'll need to order ACME certificates.

You'll also have to implement and configure a third-party ACME protocol of your choice before using the tool.

Finally you should preferably prepare your Apache HTTP configuration before placing your first ACME order.

How does it work?

Once all the requirements are met, go on the ACME section of your Certificate Center.

ACME URL

The first step is to create an ACME URL or access point:

Creation of an ACME access point

Give a friendly name to your access point, select the relevant product and organization and click on "Creation of an ACME access point".

A URL can be invalidated at any time.

Once it is done, the credentials needed for your preferred ACME client to communicate with the DigiCert cloud (KID value and HMAC key) are displayed as long as an example of command to order a certificate:

ACME credentials

Warning: The credential are only displayed once at the moment they are created. Save those values to be able able to order certificates. If you ever lose your ACME URL details, you'll need to revoke the lost URL and generate a new one.

A unique path ("directory" parameter) must also be created for each ACME URLs.

Your ACME URLs are then displayed:

List of ACME URLs

The order

You can now order certificates!

To do so, execute the command displayed in the exmaple above.

The certificates delivered by ACME are also displayed on the page:

List of ACME certificates

Note: the tool does not allow to revoked certificates issued by ACME yet.

Once the tool is ready you can configure crons that will handle automatic renewals of your ACME certificates.

For which products?

ACME is available for all SSL DV, OV and EV products of the DigiCert family (DigiCert, Thawte, Geotrust, RapidSSL).

Only products valid for 1 year (not plan offers) are available on ACME.

The invoicing

ACME certificates prices are debited from the account balance just like a normal order for Deposit accounts. They benefit from the same negotiated prices. For Bulk Purchase and Rebate accounts, tokens are debited.

Note: the account must be creditor to accept ACME orders. They are not charged in realtime, but "from time to time".

Likewise, Bulk Purchase and Rebate accounts must have tokens available to pass order.

In the Certificate Center

Your ACME certificates are easily accessible from the ACME section of your Certificate Center but are also displayed in the "classic" other sections. They are identifiable by their TBS reference starting with "DCACME-".

Further information

There are some particularities to the ACME certificates:

  • their anniversary dates are lost during renewal
  • their validity period is defined by the CA/B Forum (13 month maximum for now)
  • ACME certificates benefit from the 30 days "Money back guarantee". The refund requests will have to be done via the certificate status page.

ACME clients

There are several ACME clients available from which you can make a choice according to your needs and constraints. You'll find a non-exhaustive list here.

What's next?

In the few next weeks, you'll be able to revoke your ACME certificates from their status page.