Phone sales support +39 0575 05077
  Phone technical support +39 0575 0508
Certificati SSL

An SSL (Secure Sockets Layer) Certificate is a digital certificate that authenticates the identity of a website and encrypts communication between the server and the visitors’ browser. It establishes a secure communication channel which protects sensitive data, such as login details, payment details and other personal information.

When a user visits a website that has a valid SSL Certificate, the browser verifies that the certificate is authentic and that the website is safe, displaying a green padlock symbol in the browser bar.

What is ACME? 

ACME (Automatic Certificate Management Environment) is a communication protocol that allows you to automate operations relating to SSL DV Single Host and SAN Certificates, such as:

  • generation of CSR,
  • domain validation,
  • download of Certificate,
  • installation of Certificate on the website 
  • request for renewal of the Certificate. 

All these activities can in fact be carried out completely automatically using a dedicated client, once the ACME service has been activated from the customer area.


Who can activate ACME? 

ACME can only be activated for DV Certificates of the following types: 
  • Single Host, i.e. those for which the Single Domain option was selected at the time of purchase; 
  • SAN, i.e. those for which Up to 5 websites were selected at the time of purchase. 
 

How to activate ACME

Once you have completed the process of purchasing the Single Host type SSL DV Certificate ("Single Domain") or the SAN type ("Up to 5 Websites") you must follow the steps below.

 

step 1
 
 

Check

that you fulfill the necessary requirements, namely: 
  • that you have administrative access (as root or administrator) to the server on which the SSL Certificate is to be installed;
  • that the server on which the SSL Certificate is to be installed allows incoming HTTP/HTTPS calls from the Actalis CA;
  • that online payment (PayPal or credit card) is set up in the customer area; 
  • that there is a default payment method (for information click here).
 
 

step 2
 
 

Request activation of ACME

  1. access the customer area, using the guide;
  2. go to the Services section; 
  3. from the side menu on the left, click on the Manage using ACME option; 
  4. check the acceptance box relating to the text after reading the terms and conditions. 
 
 

step 3
 
 

Install the client

starting from the customer area, again in the Manage with ACME section, depending on the operating system of the server on which the Certificate is to be installed:
  • for Linux: click on ACME client recommended for Linux (you will be redirected to the Certbot client's official website); 
  • for Windows: click on ACME client recommended for Windows (you will be redirected to the Win-Acme client's official website): it is advisable to install the client at the "programfiles\win-acme" path. 
 
 

step 4
 
 

Request the Certificate

using the prompt command of the server on which it is to be installed: 
  • on Linux: open a shell with root user and then launch the command: replacing the name of the domain or subdomains, the email address with your own, the KID and Key parameters with the KID and KEY retrieved from the code copied from the customer area, from the side menu on the left Manage with ACME, in the ACME Users  area.
    • for a Single Host DV Certificate:
      certbot --apache --server https://acme-api.actalis.com/acme/directory --eab-kid KID --eab-hmac-key KEY -d www.example.com --agree-tos -m [email protected] --no-eff-email
    • for a SAN type DV Certificate (multi-domain), it is sufficient to add additional options -d followed by the respective additional domains:
      certbot --apache --server https://acme-api.actalis.com/acme/directory --eab-kid KID --eab-hmac-key KEY -d www.example.com  -d example.com -d ftp.example.com --agree-tos -m [email protected] --no-eff-email
  • on Windows, open powershell as an administrator;
    • for a Single Host DV Certificate: 
      wacs --source iis --installation iis --siteid SITEID --baseuri "https://acme-api.actalis.com/acme/directory" --eab-key-identifier "KID" --eab-key "KEY" --accepttos --emailaddress [email protected]
    • for a SAN type DV Certificate (multidomain) the domain must be configured on IIS so as to manage multiple domains; the command to be used is:
      wacs --source iis --siteid s --baseuri "https://acme-api.demo.actalis.com/acme/directory" --eab-key-identifier "KID" --eab-key "KEY" --accepttos --emailaddress [email protected] --installation iis --nocache 
    If there are multiple SiteIDs defined on the IIS server, this command may not work or may produce the wrong result: in this case you must set the correct SiteID value or launch Win-Acme interactively (giving the wacs.exe command without parameters).
From the commands specified above, replace the email address with your own, the SiteID with the site identifier on IIS, the KID and KEY parameters with the KID and KEY recovered from the code copied from the customer area (from the side menu on the left Manage using ACME, in the ACME usernames area).
 

step 5
 
 

Verify activation of the Certificate with ACME

from the customer area as follows: 
  1. access the customer area, using the guide;
  2. go to the Services section; 
  3. from the side menu on the left, click on the SSL Certificates option;
  4. check that the ACME label is present for the Certificate in question under the Activation Type option.
At this point you need to: 
  1. view the website from the browser;
  2. check the presence of the padlock on the left next to the site address and that the Certificate is issued by Actalis. 
 
 
There are several ways of registering the user and request Certificates with ACME, including use of the same clients: this is not intended to be an exhaustive guide in this regard but only to give practical help to those who do not have the technical knowledge necessary for managing the service.
 

FAQs

Can I manage ACME before buying a Certificate?
Yes, it is possible but only if a default online payment method (PayPal or credit card) is set up in the customer area: for information click here
How does renewing a Certificate with ACME work?
One of the most popular features of the ACME protocol is the ability to automatically renew the SSL Certificate with which it is associated. 

To renew a Certificate with ACME, you need to:
  • set up an online payment method (PayPal or credit card) in the customer area
  • set up a default payment method (for information click here).
If these two conditions are met when the Certificate expires, the system will automatically renew the service. In this way the ACME client already installed on the server will be able to manage all the features related to the ACME protocol.
I have carried out the action required for step 4 ("Apply for the Certificate") but I get an error message: what can I do?
In the event of an error, you need to wait for a few minutes and then:
  1. access the customer area, using the guide;
  2. go to Account;
  3. select Order History;
  4. check if there is an order with a creation date after the date on which the error message was received:
    • if there is:
      1. check that the online payment method (PayPal or credit card) set up in the customer area has sufficient credit to cover the cost of the service; if not, increase the credit or update the payment method with a valid one; finally click on the Pay button;
      2. check that the order is paid for
      3. relaunch the command in step 4 of this guide.
    • if there is not: relaunch the command shown in step 4 of this guide.