ACME Integration
Short Summary: Use the Automated Certificate Management Environment (ACME) protocol to request certificates from public CAs like Let’s Encrypt or private ACME servers.
Prerequisites
- Public Internet Access: For Let’s Encrypt, the Agent must reach acme-v02.api.letsencrypt.org.
- Challenge Ports: Port 80 (HTTP-01) or API Access to DNS (DNS-01).
Configuration
- Navigate: Admin > CA Gateways > Add New.
- Select Provider: ACME.
- Directory URL:
  - Production: https://acme-v02.api.letsencrypt.org/directory
  - Staging: https://acme-staging-v02.api.letsencrypt.org/directory
- Email: Your email for expiry notifications.
Validation Types
HTTP-01
The CA makes a request to http://<domain>/.well-known/acme-challenge/<token>.
- Requirement: Agent must run on the web server or behind a load balancer routing that path to the Agent.
DNS-01
The CA checks for a TXT record _acme-challenge.<domain>.
- Requirement: Configure a DNS Provider in the “Connectors” section (e.g., Route53, Cloudflare).
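What the CA expects to find at the HTTP-01 path and in the DNS-01 TXT record, computed per RFC 8555 and RFC 7638. This is an added example, not code from the product; the function names, sample key and sample token are constructed for illustration. It goes slightly beyond the text above by also handling wildcard names, which Let’s Encrypt validates only through DNS-01.

```python
import base64
import hashlib
import json

# JWK members RFC 7638 hashes for each key type (all other members are ignored).
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

# Constructed sample values: not a real account key or CA-issued token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "sample_x_coordinate_not_a_real_key_000000000",
              "y": "sample_y_coordinate_not_a_real_key_000000000"}
SAMPLE_TOKEN = "constructedTokenValue_0123456789-abcdefghij"


def b64url(data):
    """Unpadded base64url, the encoding ACME uses for binary values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint of the ACME account public key."""
    canonical = json.dumps({m: jwk[m] for m in _REQUIRED[jwk["kty"]]},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token, jwk):
    """RFC 8555 section 8.1: token, a dot, then the account key thumbprint."""
    return token + "." + jwk_thumbprint(jwk)


def http01_expectation(domain, token, jwk):
    """Return (URL the CA fetches, exact body it must receive)."""
    if domain.startswith("*."):
        # Let's Encrypt only issues wildcard names via DNS-01.
        raise ValueError("wildcard names need DNS-01, not HTTP-01")
    url = "http://%s/.well-known/acme-challenge/%s" % (domain, token)
    return url, key_authorization(token, jwk)


def dns01_expectation(domain, token, jwk):
    """Return (TXT record name, TXT value the CA expects to find)."""
    base = domain[2:] if domain.startswith("*.") else domain
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return "_acme-challenge." + base, b64url(digest)


if __name__ == "__main__":
    print(http01_expectation("www.example.com", SAMPLE_TOKEN, SAMPLE_JWK))
    print(dns01_expectation("*.example.com", SAMPLE_TOKEN, SAMPLE_JWK))
```

Comparing these values with what is actually served on port 80 or returned for the TXT lookup separates a routing or DNS propagation problem from a mismatch in the published value.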
Troubleshooting
Issue: “Timeout during connection”
Fix: Ensure your web server allows inbound traffic on port 80 from the public Internet.