Automated Certificate Management Environment (ACME) Protocol

With native support for the ACME protocol, DigiCert enables turnkey automation of certificate issuance and renewal across web servers, cloud workloads and more. CertCentral supports ACME workflows for DigiCert public TLS certificates (DigiCert, GeoTrust and Thawte), while Trust Lifecycle Manager extends ACME-driven automation to public and private certificates from DigiCert and third-party certificate authorities.

What it does

  • Enables automated certificate issuance and renewal using DigiCert's or any third-party ACME client (e.g., Certbot) for supported endpoints.
  • In CertCentral, customers can add ACME credentials and use them to automate DigiCert TLS certificate issuance and renewal via ACME.
  • In Trust Lifecycle Manager, customers define certificate profiles, generate ACME credentials, and then use ACME clients to initiate issuance and renewals from DigiCert and third-party certificate authorities, private or public.
  • Trust Lifecycle Manager’s inventory and policy controls allow visibility and management of ACME-issued certificates in a central UI.
  • Supports DevOps automation via ACME.

Why it matters

  • Lower administrative burden: Automate short-lived TLS certificate renewal cycles (e.g., 200-, 100-, 47-day certificate validity, 10-day domain control validity) across heterogeneous infrastructure.
  • Reduced outage risk: Minimize downtime from errors or expired/missed certificate renewals.
  • Broad protocol support: Use a single ACME approach across web servers, load balancers, containers, and cloud workloads.
  • Extended flexibility via Trust Lifecycle Manager: Manage ACME workflows for both DigiCert and third-party CAs, with policy, inventory, and lifecycle visibility.

How it integrates

  • Integration is protocol-native, using the ACME and ACME ARI standards.
  • In CertCentral, users create ACME Directory URL entries to generate the ACME credentials used for DigiCert TLS certificate automation.
  • In Trust Lifecycle Manager, users define ACME-based certificate profiles which generate ACME credentials for use in ACME clients.
  • After credentials are provisioned, the ACME client (on server, load balancer, container, etc.) invokes certificate issuance, renewal, or reissue using those credentials.