Add or configure a new ACME Service
Additional ACME services besides the pre-configured Let's Encrypt services can be added on this detail page if required. The configured services can be used for automatic certificate management for virtual hosts as described in the article Tab – SSL.
Setting | Description |
|---|---|
Name | Name of the new service. |
URL | ACME service endpoint URL inclusive protocol. |
Renew Window | Minimum remaining validity period of the certificate in percent. The certificate is renewed when the threshold value is reached. |
[Comment] | Comments can be added using the button. |
For each ACME service used by a virtual host, a firewall rule is set to allow the network endpoint. The host and port information is automatically extracted from the URL field. It is not necessary to add the ACME service to the list of allowed network endpoints.
By using an ACME service, you automatically agree to the terms and conditions of use for the service.
For Let's Encrypt subscriber agreement, see Let's Encrypt policy and legal documentation.
Section – External Account Binding
Some ACME certificate authorities have existing account management systems that are separate from ACME accounts. To create a new ACME account with these providers you must register with some extra information to link the new ACME account with the external account. This setup is known as External Account Binding (EAB). Further information can be found in the official Apache 2.4 documentation of External Account Binding (EAB).
When enabled, you can add a Key ID string value and an HMAC key value as credentials.
Section – Expert Settings Apache
The default configuration of Apache is suitable for most general purposes and usually, no further customization is required. However, adding related mod_md tweaks in the code box makes custom configuration possible.
For more information and examples, see official Apache 2.4 mod_md documentation.