Add or configure a new ACME Service

ACME service detail page

Additional ACME services besides the pre-configured Let's Encrypt services can be added on this detail page if required. The configured services can be used for automatic certificate management for virtual hosts as described in the article Tab – SSL.

Setting

Description

Name

Name of the new service.

URL

ACME service endpoint URL inclusive protocol.

Renew Window

Minimum remaining validity period of the certificate in percent. The certificate is renewed when the threshold value is reached.

[Comment]

Comments can be added using the Button dark-gray - click to edit comment button.

For each ACME service used by a virtual host, a firewall rule is set to allow the network endpoint. The host and port information is automatically extracted from the URL field. It is not necessary to add the ACME service to the list of allowed network endpoints.

By using an ACME service, you automatically agree to the terms and conditions of use for the service.

For Let's Encrypt subscriber agreement, see Let's Encrypt policy and legal documentation.

Section – External Account Binding

Some ACME certificate authorities have existing account management systems that are separate from ACME accounts. To create a new ACME account with these providers you must register with some extra information to link the new ACME account with the external account. This setup is known as External Account Binding (EAB). Further information can be found in the official Apache 2.4 documentation of External Account Binding (EAB).

When enabled, you can add a Key ID string value and an HMAC key value as credentials.

Section – Expert Settings Apache

The default configuration of Apache is suitable for most general purposes and usually, no further customization is required. However, adding related ​mod_md tweaks in the code box makes custom configuration possible.
For more information and examples, see official Apache 2.4 mod_md documentation.