Managing SSL certificates manually has become increasingly impractical. Certificate lifetimes are getting shorter, infrastructures are more complex, and even a small renewal delay can result in service outages or browser warnings.
If you want to avoid manual certificate installation and prefer automatic issuance, renewal, and installation, and if this is supported on your server, you can consider ACME-based automation — a subscription service offered by SSL vendors such as Sectigo and DigiCert.
In this article, we will walk through how auto-renewal with ACME works, why it matters, and how Sectigo ACME Certificate-as-a-Service (CaaS) simplifies the entire SSL lifecycle – from issuance to renewal – without manual intervention.
What Is ACME?
ACME (Automatic Certificate Management Environment) is an industry-standard protocol designed to automate the process of issuing, validating, installing, and renewing SSL/TLS certificates.
Instead of logging into portals, generating CSRs, or tracking expiry dates, your server communicates directly with the Certificate Authority (CA) and handles everything automatically.
Introducing Sectigo ACME Certificate-as-a-Service (CaaS)
Sectigo ACME CaaS is a commercial-grade ACME solution that automates SSL certificate management while providing enterprise-level reliability, warranties, and professional support.
In short, it delivers:
- Fully automated issuance and renewal of SSL certificates using the ACME protocol
- Continuous coverage with automatic reissuance before certificates expire
- Scalability for multiple domains and subdomains
- Commercial trust and support, backed by Sectigo DV SSL and warranty coverage
Once configured, ACME runs quietly in the background as per Sectigo – no manual renewals, no downtime.
Subscription vs. Certificate Validity
One important concept with ACME automation is understanding the two different timeframes involved:
- ACME subscription validity: Typically 1 year
- Individual certificate validity: Short-lived certificates, usually ~90 days
As long as the subscription remains active, certificates are automatically reissued and rotated before expiry. You never need to worry about the short validity period – the system handles it for you.
How Auto-Renewal Works in Practice
When a certificate approaches its expiration date, the ACME client on your server automatically performs the following steps:
- Connects securely to Sectigo’s CA using the ACME protocol
- Creates a new certificate order
- Completes domain validation using:
- HTTP-01 (HTTP hash) or
- DNS-01 (DNS CNAME)
- Downloads the newly issued certificate and required intermediate chain
- Installs the certificate on the server
- Reloads the web service if required
All of this happens automatically, without administrator involvement.
What Is Required from Your Side?
After the initial setup, ongoing maintenance is minimal. You simply need to ensure that:
- The ACME client continues running on the server
- Your DNS or web server configuration remains compatible with the chosen validation method
- The ACME subscription stays active
- You must purchase ACME subscription and enable automatic subscription renewal
If these conditions are met, certificates will renew automatically – no manual actions required.
Important Note on Existing Certificates
ACME cannot be applied to existing non-ACME orders.
To use Sectigo ACME, a separate ACME subscription order must be placed. Once issued under ACME, certificates are fully automated going forward.
Key ACME CaaS Features at a Glance
- ACME protocol–based automation
- Instant certificate issuance
- Unlimited certificates per domain
- www and non-www coverage
- Free unlimited server licensing
- Billing per domain, not per certificate
- Validation methods: HTTP Hash (HTTP-01) or DNS CNAME (DNS-01)
Built for Modern Infrastructure
Sectigo ACME CaaS integrates seamlessly with almost any environment that supports ACME clients:
Web Servers
- NGINX, Apache, IIS and more
Containers & Orchestration
- Docker, Kubernetes
Control Panels
- cPanel and Plesk (SSH access required)
Custom & Enterprise Platforms
- ACME libraries available for Go, Python, .NET, PHP, and other languages
Why ACME Matters More Than Ever
With certificate lifetimes continuing to shrink and automation becoming a necessity rather than a convenience, it also reduces operational risk – no missed expiry dates, fewer urgent renewals, and less dependency on manual processes during busy periods.
This document has been prepared based on the currently available documentation and official updates provided by the SSL vendor at the time of writing. The information reflects the present functionality and behavior of the ACME-based automation and renewal process as shared by the vendor.
Please note that the SSL vendors are working on additional enhancements and solutions, which are expected to be released in the near future. As these updates become available, the documentation and recommendations may be revised accordingly to align with the latest capabilities and best practices.