How to activate a Certum SSL certificate using ACME?
ACME is a protocol that automates the issuance of SSL certificates. It minimizes human involvement in the process: the required operations are performed by software installed on the server, which contacts the CA via an API and performs the steps necessary to issue the certificate.
Supported certificate types
Using ACME, it is possible to issue Commercial SSL certificates in Certum in the following variants:
- for a single domain or IP address
- multi-domain
- wildcard.
The supported methods of verifying control over the domains are:
- dns-01 – for single domain, multi-domain and wildcard certificates. Verification by placing a TXT record in the domain’s DNS. Example:
_acme-challenge.yourdomain.com 300 IN TXT "hyKlXXXXXX"
- http-01 – for single domain, multi-domain and IP address certificates. Verification by placing a file in a location on the web server. Example:
http://yourdomain.com/.well-known/acme-challenge/9w57XXXXXX
with the following content:
9w57XXXXXX._whfUXXXXXX
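The two example values above follow the challenge formats defined in RFC 8555: the http-01 file body is the token joined to the thumbprint of the ACME account key, and the dns-01 TXT value is the base64url-encoded SHA-256 digest of that same string. The Python below is an added example, not Certum's or any ACME client's code; it recomputes both values so a published file or TXT record can be checked before the CA validates it. The function names are hypothetical, and the sample key and token are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# JWK members that enter the thumbprint, per key type (RFC 7638).
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"),
             "OKP": ("crv", "kty", "x")}

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the ACME account public key (optional members ignored)."""
    members = {name: jwk[name] for name in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, jwk: dict) -> str:
    """Expected body of the http-01 file: <token>.<thumbprint>."""
    return f"{token}.{jwk_thumbprint(jwk)}"

def dns01_txt_value(token: str, jwk: dict) -> str:
    """Expected value of the _acme-challenge TXT record."""
    return b64url(hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest())

def http01_body_ok(body: str, token: str, jwk: dict) -> bool:
    """True if the served file matches; trailing whitespace is tolerated."""
    want = key_authorization(token, jwk).encode()
    return hmac.compare_digest(body.rstrip().encode(), want)

def dns01_records_ok(txt_records: list, token: str, jwk: dict) -> bool:
    """True if any TXT value at the name matches. Several values may coexist,
    for example when a wildcard and its base domain are validated together."""
    want = dns01_txt_value(token, jwk).encode()
    return any(hmac.compare_digest(r.strip().strip('"').encode(), want)
               for r in txt_records)

# Constructed sample data: not a real account key and not a real Certum token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "c2FtcGxlLXg",
              "y": "c2FtcGxlLXk", "kid": "ignored-by-thumbprint"}
SAMPLE_TOKEN = "sample-token-0001"

if __name__ == "__main__":
    print("http-01 file body:", key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
    print("dns-01 TXT value: ", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
```

A mismatch between the computed and published value usually means the challenge was created for a different ACME account key or that a stale record from an earlier order is still being served.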
Enabling ACME activation for the product
- Log in to the Customer account in the Certum system, or log in directly to the Data security products panel at https://certmanager.certum.pl
- For an ordered certificate that has not yet been activated, go to its certificate details, choose the option to activate in ACME and accept it
- If you are using a partner account, order a new certificate and choose the activation type: ACME activation
- As a result, you will receive the credentials kid and hmac, which are necessary to request a certificate in ACME:
  - kid (Key ID): ACME account identifier used to access a specific account in the request
  - hmac: cryptographic key used to sign requests.
The returned data is ready for use in the ACME client. You may check the example instructions for activating the certificate using Certbot.