What is ACME?
ACME (Automatic Certificate Management Environment) is a communication protocol that lets you automate operations on SSL certificates. ACME can be used to:
- generate the CSR
- validate domains
- download the certificate
- install the certificate on a website
- request the renewal of a certificate
all fully automatically.
Who can enable ACME
You can only enable ACME if you have a subscription plan with one of the following types of DV SSL Certificates:
- Single Host (you chose the Single Domain option when ordering);
- SAN (if you chose the Up to 5 websites option when ordering).
What you need to do before enabling ACME
After ordering the Single Host or SAN type DV SSL Certificate, check:
- that you have admin access (as root or administrator) to the server on which you are installing the SSL certificate;
- that the server on which you install the SSL certificate allows incoming HTTP/HTTPS calls from the Actalis CA;
- that you have set up an online payment method (PayPal or credit card) from the payment options in your customer area;
- that you have set up a default payment method. Follow the guide to set up a default payment method.
How to enable ACME on a Linux server
- Sign in to your Customer area with your username and password. If you can’t remember how to do this, follow the guide to sign in to your Customer area;
- select Manage with ACME;
- go to Install ACME client for Linux. You will be redirected to the official Certbot client website;
- sign in to the server on which you have to install the certificate;
- open a command shell as the root user;
- run the command based on the type of certificate you purchased, after replacing the domain name, your email address, and the KID and KEY parameters with those you retrieved from the Customer Area. You can copy the KID and KEY from your Customer Area: you will find them in Manage with ACME, under ACME Credentials:
- if you have a Single Host DV certificate:
    certbot --apache --server https://acme-api.actalis.com/acme/directory --eab-kid KID --eab-hmac-key KEY -d www.nomedominio.estensione --agree-tos -m nometuacasella@nomedominio.estensione --no-eff-email
  This command is also valid if you have Apache. You may need to change parameters for other systems.
- if you have a SAN DV certificate (for multiple domains), add one -d option followed by the domain name for each domain you want to certify:
    certbot --apache --server https://acme-api.actalis.com/acme/directory --eab-kid KID --eab-hmac-key KEY -d www.nomedominio.estensione -d altronomedominio.estensione -d altro.nomedominio.estensione --agree-tos -m nometuacasella@nomedominio.estensione --no-eff-email
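The commands above put the EAB KID and KEY on the command line, where they end up in shell history and are visible in the process list while certbot runs. The following added example (not part of the original guide or of Certbot) writes the same settings to a root-only config file instead; the function name `write_actalis_ini`, the input checks and the limit of 5 names for the SAN plan are assumptions made for this sketch.

```sh
# Added example (not from the original guide): store the Actalis EAB
# credentials in a root-only certbot config file instead of on the command line.
# Usage: write_actalis_ini OUTFILE EMAIL DOMAIN [DOMAIN...]
# KID and KEY are read from standard input, one per line, so they never
# appear in shell history or in the process list.
write_actalis_ini() {
    out=$1; email=$2; kid=; key=
    [ "$#" -ge 3 ] || { echo "usage: OUTFILE EMAIL DOMAIN..." >&2; return 2; }
    shift 2
    # Assumption: the SAN plan's "Up to 5 websites" option means at most 5 names.
    [ "$#" -le 5 ] || { echo "more than 5 domains" >&2; return 2; }
    case $email in
        *[!A-Za-z0-9@._+-]*|*@*@*) echo "bad email: $email" >&2; return 2 ;;
        ?*@?*.?*) ;;
        *) echo "bad email: $email" >&2; return 2 ;;
    esac
    domains=
    for d in "$@"; do
        # Accept only plain hostnames, so nothing else can reach the config.
        case $d in
            ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*)
                echo "bad domain: $d" >&2; return 2 ;;
        esac
        domains=${domains:+$domains,}$d
    done
    IFS= read -r kid && IFS= read -r key || true
    [ -n "$kid" ] && [ -n "$key" ] || {
        echo "expected KID and KEY on stdin" >&2; return 2; }
    # Create the file with mode 0600 before any secret is written to it.
    ( umask 077; : > "$out" ) && chmod 600 "$out" || return 1
    cat > "$out" <<EOF
server = https://acme-api.actalis.com/acme/directory
eab-kid = $kid
eab-hmac-key = $key
email = $email
agree-tos = true
no-eff-email = true
domains = $domains
EOF
}
```

After calling the function and typing the KID and KEY at its input, run `certbot --apache --config OUTFILE`; certbot accepts its long option names as keys in a config file.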
How to enable ACME on a Windows server
- Sign in to your Customer area with your username and password. If you can’t remember how to do this, follow the guide to sign in to your Customer area;
- select Manage with ACME;
- go to Install ACME client for Windows. You will be redirected to the official Win-Acme website. We recommend you install the client at the path "programfiles\win-acme";
- sign in to the server on which you have to install the certificate;
- open PowerShell as administrator;
- run the command based on the type of certificate you purchased, after replacing the email address, SITEID, KID and KEY parameters with your own values. You can copy the KID and KEY from your Customer Area: go to Manage with ACME, under the ACME Credentials section:
- if you have a Single Host DV certificate:
    wacs --source iis --installation iis --siteid SITEID --baseuri "https://acme-api.actalis.com/acme/directory" --eab-key-identifier "KID" --eab-key "KEY" --accepttos --emailaddress nometuacasella@nomedominio.estensione
- if you have a SAN DV certificate (for multiple domains), configure the domain on IIS to manage multiple domains; then run the command:
    wacs --source iis --siteid s --baseuri "https://acme-api.actalis.com/acme/directory" --eab-key-identifier "KID" --eab-key "KEY" --accepttos --emailaddress nometuacasella@nomedominio.estensione --installation iis --nocache
If there are multiple SITEIDs on the IIS server, this command might not work: in this case, set the correct value for the SITEID or run Win-Acme interactively (to do this, run the command wacs.exe without parameters).
How to check that the certificate has been enabled with ACME
- Sign in to your Customer area with your username and password. If you can’t remember how to do this, follow the guide to sign in to your Customer area;
- select Manage with ACME;
- check that ACME is enabled;
- view your website from the browser;
- check that there is a padlock icon next to your website's address and that the Certificate is issued by Actalis.
You can register the user and request Certificates with ACME in many ways: this guide is not exhaustive but can assist you if you do not have the technical knowledge necessary to manage the service with ACME.