ACME Automation for SSL Certificate Management

WHAT MAKES US DIFFERENT

Fully Automated

Renew, rekey or install your certificates with ACME in minutes

Fast Creation of Multiple Certificates

Easily issue new DV, OV, EV certificates

Managed by Certify TLS Manager

Easy and user-friendly way to manage your certificates

Automating Certificate Lifecycle Management with ACME

Are you a hosting company, multi-website owner, or a large enterprise?
With TuringSign implementation of ACME, all of our customers can now can leverage this protocol to easily automate SSL/TLS certificate issuance, renewal, rekeying, and installation.

Certificate Issuance
Certificate Renewal
Revocation & Rekeying

Contact Us for ACME Demo

Contact us to reduce the effort and cost of managing multiple digital certificates.

ACME Documentation

To begin the process of automating SSL certificates through the ACME protocol, click the button to the right to access a quick overview of the ACME documentation page.

ACME Overview

ACME makes it easy for anyone to manage certificates.
ACME integrations will allow you to order and renew certificates automatically and completely free of charge.

ACME Protocol

The Automated Certificate Management Environment protocol (ACME) is a protocol for automating certificate lifecycle management.

ACME Client Implementations

A dedicated resource to help you find the right option to meet your requirements from a broad selection of popular tools.

ACME External Account Binding

Use this endpoint to generate a key identifier and HMAC key for ACME External Account Binding (EAB).

How does the ACME protocol work?

Client

An ACME client (also known as an ACME agent) is a software application or tool that interacts with an ACME server to automate the process of obtaining, renewing, and managing SSL/TLS certificates using the ACME protocol. ACME clients are used to simplify the process of setting up and maintaining secure HTTPS connections for websites and online services. They handle the technical details of domain validation, certificate issuance, renewal, and installation.

Server

ACME servers are typically provided by certificate authorities, such as Let's Encrypt, WiseKey, and responds to the requests made by the ACME client.

ACME

Certificate Issuance & Renewal

Once the ACME agent has been set up and verified, you can automate the certificate operations.

  • The ACME client generates a Certificate Signing Request (CSR) for the domain.
  • The ACME client signs both the CSR and the public key generated with its very own private key.
  • The CA issues the required certificate after verifying the signatures.
  • The ACME client installs the certificate on the domain server.

Benefits of using ACME with TuringSign

Do More Work With Less

TuringSign ACME service greatly reduces thetime and tedium required to manage certificates on a large scale.

Eliminates Website Outages

Eliminate human errors that lead to expirations and service outages. Handling certificates manually also exposes enterprises to considerable risks, including the potential for certificates to be overlooked until they expire. This can lead to gaps in ownership, which may result in unexpected outages or the failure of crucial business systems, and it increases the likelihood of security breaches

Fully Automated Domain Validation and Issuance

ACME streamlines the process of generating keys, validating domains, issuing certificates, installing them alongside the current CA chain, and restarting the server promptly, all occurring within a matter of seconds.

Hands Free Renewal

Through the incorporation of ACME by TuringSign, every one of our clients gains the opportunity to seamlessly leverage this widely adopted protocol for the effortless automation of SSL/TLS website certificate issuance and renewal

Improve Certificates Agility

The ACME service accelerates and streamlines the the process of obtaining certificates, featuring the latest profiles, key sizes, and key types. This ensures that your websites are consistently safeguarded with the most up-to-date SSL/TLS certificates.

Enhanced Security

ACME aids in bolstering security measures, reducing the vulnerability to breaches and unauthorized access which betterprotects against down sites, financial loss. ACME assists in meeting regulatory requirements by minimizing errors that could lead to compliance or regulatory penalties.

Popular ACME v2

Certbot

acme.sh

ACMESharp

acme-client

Posh-ACME

ACME FAQs

TuringSign uses the ACME protocol to verify that you control a given domain name and issues a certificate. To get a TuringSign certificate, you might need to choose to use Certbot or ACME.SH.

ACME was developed by the Internet Security Research Group (ISRG), the same organization behind Let’s Encrypt. Let’s Encrypt is one of the most well-known implementations of the ACME protocol, providing free SSL/TLS certificates.

ACME works through a set of defined interactions between a client (software on the server requesting the certificate) and an ACME server (usually provided by a Certificate Authority like Let’s Encrypt). The ACME client proves ownership of the domain or website for which it wants a certificate, and the ACME server issues the certificate if the verification is successful.

ACME employs different challenge mechanisms to verify domain ownership. The two main challenge types are the HTTP-01 challenge, where the client places a specific file on the web server, and the DNS-01 challenge, where the client adds a DNS record to the domain’s DNS configuration.

Yes, ACME supports the issuance of wildcard certificates. A wildcard certificate covers all subdomains of a domain. The DNS-01 challenge is commonly used to verify domain ownership for wildcard certificates.

A detailed answer to provide information about your business, build trust with potential clients, and help convince the visitor that you are a good fit for them.

 

Once you validate a domain, you may continue to issue certificates with that SAN for up to 397 days. Note that this period may change due to Industry Requirement changes at any time.

ACMEv2 offers several improvements over ACMEv1:

  • ACMEv2 has better support for wildcard certificates.
  • It introduces support for new challenge types, including the DNS-01 challenge for domain validation.
  • ACMEv2 provides a more extensible architecture for future enhancements.
  • ACMEv2’s protocol design places a stronger emphasis on security and privacy.

Free DV SSL with ACME for Anyone

Free of Charge & Management Console
By using TuringSign Free SSL, you will be able to generate an 180-day certificates at no charge.
For Free SSL users, TuringSign will allow you to keep track and manage your certificate from Certify TLS Manager. You can issue, install, monitor, modify and renew all of your certificates in a single portal.

Enter Domain

Step 1

CSR & Validation

Step 2

Certificate Issued

Step 3

Install & Complete

Step 4

SSL Certificate Installation Manuals

Apache Server Ver.1.x / 2.x/ 2.2 x

Tomcat Web Server

file_type_nginx

Nginx server

Microsoft IIS 8 & 8.5


SSL/TLS Certificates FAQs

Certificate Signing Request (CSR) is a block of encrypted data generated by the server which contains information such as organization name (company name), common name (domain name), region, and country required to generate certificates. It also contains a public and private key when the CSR is generated.

Creating a CSR depends on the type of web server which uses the certificates. Please refer to the instructions provided by the vendor to complete the process. If you are familiar with OpenSSL, you can use the following commands to generate a CSR and private key. openssl req -new -keyout server.key -out server.csr

You can use CSR (Certificate Signing Request) to order for an SSL certificate, but it does not require a private key. The private key must be kept secret. Certificates created with a particular CSR will only work with the private key generated by it. Please note that if you lose your private key, your certificate will no longer work any longer. Please refer to the explanation page for more details on how to create a CSR.

The SSL server certificate can be installed on different types of servers, please refer to the installation guide page after purchasing TuringSign SSL certificates.

To implement SSL/TLS on your website, you need to obtain an SSL certificate from a trusted CA. You then install the certificate on your web server and configure it to enable HTTPS. Many web hosting providers offer integrated solutions to simplify this process.

Yes, Google announced that they use  HTTPS as a ranking signal for SEO. Because Google tends to prioritize getting relevant information to users as quickly as possible, site performance is an important factor in Google search rankings. A site’s performance on mobile devices is especially important for SEO.

While there are different types of SSL certificates, only one certificate is needed per website.

Extended Validated (EV) SSL Certificates are the best for eCommerce stores. EV certificates offer the highest level of vetting and identity verification process out of all SSL certificate types.

Free Tools for TLS/SSL Cetificates

Free ssl tools to users to help with common SSL issues

SSL Checker

Review your SSL Certificate's Installation

CSR Decoder

Generate CSR with any hassle for new or renew SSL certificate

CSR Generator

Decode your Certificate Signing Request

Certificate Decoder

Verify your SSL Certificate is Correct.

SSL Converter

Convert SSL Certificates to different formats

Certificate Key Matcher

Quickly verify that your SSL certificate matches your CSR

* These resources can assist you in managing your SSL certificates. The tools are provided and owned by the third party. We are not responsible for any third party SSL tools.

0
    0
    Your Cart
    Your cart is empty

    AI-Powered Customer Support

    Integration of AI helps streamline the certificate issuance process while saving time and human resources

    AutoSSL

    Full Automation One-Stop SSL

    Fastest OCSP Speed Boosts Sales

    The Most Affordable Pricing

    TuringSign offers the cheapest prices with the best in-class product lines in the SSL industry

    Join the Waitlist

    Next Steps

    1. Validate Domain (Authenticate domain depending on which method you choose)

    Check the email that has been sent to you. To confirm the domain ownership rights for your certificate, you need to copy the validation code from the approval email, follow the link in it and paste the validation code into the corresponding field.

    From the email, please click the link to the verification page, Once in the verification page, please enter the code provided in the email for verification.

    That’s it!

    After you have completed verification, a confirmation email will be sent to you. And shortly after, an issue confirmation will be sent to you via email. You can follow the link to the portal to download your newly issued certificate.

    If you have followed the steps above and did not receive an approval email to your mailbox, please click the link to the portal and double check your validation method or contact us for help. 

    Another way of verifying a domain is DNS (TXT record) Verification. If you selected DNS Authentication as your verification method, you will receive a unique TXT record via email consisting of two parts:

    • 1. Name: Name/Host/Alias/TXT: Blank or @
    • 2. Value/Points to/Destination:”wisekey=XXXXXXX”
    • TTL: This is your TTL (Time-To-Live) value. Set it to 3600 or lower.

    Verify by adding a TXT record in your DNS. Please verify and check if you have added the correct record

    Please submit a requestfor support if you face any issues.

    Depending on your DNS provider, You may have to wait for at least an hour for the changes to take effect in the DNS Servers. You will be notified via email when the domain is verified.

    The third method of verifying a domain is HTTP File Upload Verification. After choosing File Authentication as your verification method, you will receive an email and be asked to download a unique verification file (Format: .txt) and upload it to a specific directory on your web server.



    Verify by uploading the attached file fileauth.txt in your web server as follows:



    • 1. Download the text file fileauth.txt (attached with the email).
    • 2. Upload the above file (fileauth.txt) to your host in this EXACT path: http://my-domain.com/.well-known/pki-validation/fileauth.txt


    You may have to wait for at least an hour for the changes to take effect in the validation services. You will be notified via email when the domain is verified.

    Please submit a request for support if you face any issues.

    2. Receive Confirmation (After validation an email will be sent with a link to certificate)

    3. Download certificate and upload to hosting

    Notice: After generating a CSR,
    1. Copy the Private KEY and keep this to yourself for reference.
    2. Copy only the CSR above and use(paste)
    in to request your TS Certificate.
    3. Click the top left button to close.