Sectigo ACME Certificate-as-a-Service (CaaS): Fully Automated SSL Issuance, Renewal, and Installation
Sectigo ACME Certificate-as-a-Service (CaaS) is the smarter way to manage SSL certificates at scale. Using the industry-standard ACME protocol, your servers connect directly to Sectigo’s Certificate Authority to automatically issue, validate, install, and renew certificates — keeping your websites and services secure without manual work.
- Fully automated. Completely eliminates the manual work of requesting, validating, issuing, deploying, installing, and renewing SSL certificates.
- Automatic renewals. No need to track expiration dates or worry about website downtime. Your certificate is automatically renewed and reinstalled on your server before it expires.
- Ready for shorter certificates. Very soon, all SSL certificates will be 47-day certificates—CaaS automatically updates your certificates as often as necessary, so you don’t have to worry about expirations or renewals.
- Simpler billing. You pay per domain, not per certificate; issue as many certificates as you need without paying more.
- Unlimited server licensing. You pay per added domain, not per server. Deploy the same subscribed domain across unlimited servers with no extra server licensing fees. Perfect for clusters, multi-server environments, containers, and distributed infrastructures, while allowing each server to use its own private key and certificate instance.
- Integration & setup guides. Get started faster with our setup guides for popular ACME clients, web servers, hosting control panels, and deployment environments. We provide practical instructions to help you configure Sectigo ACME CaaS across a wide range of platforms.
The best part? It’s fast and easy to set up with pre-built ACME agents that support most server types.
How it Works
Once your server is configured with an ACME-compatible client, CaaS will:
- Automatically prove domain ownership (via HTTP-01 or DNS-01 challenges)
- Automatically request & install certificates as needed
- Automatically renew & replace certificates before expiration — no further manual work required after setup
This direct, server-to-CA communication ensures continuous encryption, eliminates renewal gaps, and reduces operational risk — without relying on calendar reminders or human intervention.
Built for Your Existing Infrastructure
Sectigo ACME CaaS integrates with any environment that supports ACME clients, including:
- Web Servers- Compatible with web servers running NGINX, Apache, IIS, Caddy, and more
- VPS/Cloud Hosting – Works with any VPS hosting plan that provides you root/admin access, including AWS EC2, AWS Lightsail, DigitalOcean, Google Cloud Compute, Azure VM, GoDaddy VPS, Linode, and many others
- Containers - Works with Docker and Kubernetes
- Web Hosting Control Panels - Works with cPanel and Plesk (your hosting plan must enable SSH access)
- Custom Environments – Running a complex, customized platform? Easily automate SSL certificates in your systems with ACME libraries available for Go, Python, .NET, PHP, etc.
Manual SSL Management vs. Sectigo ACME CaaS Automation
Traditional SSL management is time-consuming and error-prone — and with SSL certificate lifespans getting shorter, it’s getting harder to keep up. Here's how Sectigo ACME CaaS transforms SSL management:
Automation
SSL
| Manual SSL Management Manual SSL Management | Automated with Sectigo ACME CaaS Automated with Sectigo ACME CaaS | |||
|---|---|---|---|---|
| General Features | ||||
| General Features | ||||
| Certificate Issuance and Installation | ||||
Certificate Issuance and Installation |
Manually generate and submit CSRs, validate domains, install renewed certificates | Run install command and ACME client automatically handles each step | ||
| Renewal Process | ||||
Renewal Process |
Manually renew, validate, issue, and install certificate | Renewals are handled automatically without any action needed | ||
| Risk of Downtime | ||||
Risk of Downtime |
High — missed renewals can cause outages | Low — automated renewal prevents certificate expirations | ||
| Scaling to Multiple Certificates | ||||
Scaling to Multiple Certificates |
High Effort — exponential manual workload | Low Effort — ACME agents can easily be configured to automate one or many certificates | ||
| Adaptation to Shorter Lifespans | ||||
Adaptation to Shorter Lifespans |
Will soon require manually renewing and reinstalling certificates every month | Automatically renews and updates your certificates so lifespan doesn’t matter (even when it drops to 47 days) | ||
Whether you're securing a single website or an entire network, Sectigo ACME Certificate-as-a-Service (CaaS) delivers scalable, fully automated SSL management that adapts to any certificate validity period — even as lifespans continue to shrink:
SSL/TLS Certificate Validity Chages (2026-2029)
Certificate Validity
Certificate Validity
Certificate Validity
Certificate Validity
-
Eliminate Manual Renewals
Never worry about tracking expiration dates or last-minute renewals again. Sectigo ACME CaaS automates SSL renewals, ensuring your certificates are always up to date without manual effort.
-
Reduce Downtime Risks
Expired certificates can cause costly service disruptions. Sectigo ACME CaaS eliminates this risk by automating SSL renewals, preventing downtime and security lapses. With ACME integration, your certificates will always be renewed before expiration, keeping your business online and protected.
-
Future-Proof Security
Stay ahead of evolving security standards with automated renewals for 90-day certificates. As shorter lifespans become the norm, Sectigo ACME CaaS ensures continuous protection and compliance without the need for manual intervention, keeping your encryption strong and always up to date.
-
Scale with Growth
Managing certificates (whether it’s 1 certificate or 1,000 certificates) doesn’t have to be complex. Sectigo ACME CaaS streamlines SSL deployment and lifecycle management, allowing you to scale effortlessly. Automate issuance, renewal, and revocation without increasing workload.
-
Easy Setup & Integration
Deploy SSL certificates effortlessly with step-by-step installation guidance tailored to your server environment and web server software. Just choose your website’s technical environment and we’ll walk you through a simple process to get your SSL certificate installed with just a few commands—no manual configuration.
Sectigo Certificate-as-a-Service is compatible with many different server/hosting environments, including:
- Web Servers - Compatible with web servers running NGINX, Apache, IIS, Caddy, and more
- VPS/Cloud Hostings – Works with any VPS hosting plan that provides you root/admin access, including AWS EC2, AWS Lightsail, DigitalOcean, Google Cloud Compute, Azure VM, GoDaddy VPS, Linode, and many others
- Containers - Works with Docker and Kubernetes
- Web Hosting Control Panels - Works with cPanel and Plesk (your hosting plan must enable SSH access)
Maximize efficiency, unlock revenue growth
We provide a powerful API that empowers our resellers to automate ACME and resell certificates with exceptional efficiency and ease.
-
What is Sectigo ACME Certificate as a Service (CaaS), and how is it different from traditional SSL certificates?
Sectigo ACME CaaS is a subscription-based service that automates SSL/TLS certificate management using the ACME protocol. It allows businesses to issue, renew, and manage SSL certificates automatically, without manual installation or expiration tracking.
Unlike traditional SSL certificates, which require manual reissues, renewals, and installation, Sectigo ACME CaaS provides continuous protection through automated renewals. This helps reduce downtime risks, operational workload, and human error.
-
How does ACME CaaS work?
Once your subscription is active and the required domain is added, you can connect your ACME client to Sectigo using the provided ACME credentials. Your ACME client will then:
- request a certificate from Sectigo,
- complete domain validation automatically,
- download the issued certificate,
- install it on the server,
- and renew it automatically before expiration.
This process repeats automatically during the active subscription period.
-
Which ACME clients are supported?
Sectigo ACME CaaS is compatible with any ACME-compatible client, including:
- Certbot – Recommended for Linux, Windows, and macOS environments
- acme.sh – A shell-based client suitable for advanced users
- Posh-ACME– Ideal for Windows PowerShell users
- win-acme – For Windows/IIS environments
- cert-manager – Designed for Kubernetes-based environments
-
Can I use Sectigo ACME CaaS without an ACME client?
>No, Sectigo CaaS requires an ACME client for certificate issuance and management. Customers who need manual SSL installation should consider traditional SSL products.
-
Do I need full administrative access to my server or hosting environment?
In most cases, to use Sectigo ACME CaaS, you need administrative (root or sudo) access to your web server or cloud environment to install and manage SSL certificates. This service is best suited for:
- Self-hosted servers (Apache, NGINX, IIS)
- Cloud environments (AWS, Azure, Google Cloud)
- Kubernetes deployments
-
Can I use Sectigo ACME CaaS on shared hosting?
You can use Sectigo ACME CaaS if your hosting provider offers:
- SSH access – Needed to run ACME clients like Certbot or acme.sh.
- Custom SSL installation – Your hosting control panel (e.g., cPanel, Plesk) allows you to upload SSL certificates.
- Cron jobs or scheduled tasks – Enables automated ACME renewals.
-
You can use Sectigo ACME CaaS if your hosting provider offers:
- SSH access – Needed to run ACME clients like Certbot or acme.sh.
- Custom SSL installation – Your hosting control panel (e.g., cPanel, Plesk) allows you to upload SSL certificates.
- Cron jobs or scheduled tasks – Enables automated ACME renewals.
-
What does “billing per domain” mean?
Billing is based on each domain, subdomain, or wildcard that you add to the ACME subscription. Examples:
- example.com = 1 billable domain ( www is included by default)
- app.example.com = 1 billable domain
- api.example.com = 1 billable domain
- *.example.com = 1 billable wildcard domain
This means you are not charged per certificate issuance or per renewal. You are charged for each domain item added to the subscription.
-
What does “Unlimited Server Licensing” mean?
Unlimited Server Licensing means that the same subscribed domain can be used on unlimited servers, nodes, containers, or environments without any extra server-based fee. Each server can run its own ACME client and request its own certificate for the same domain.
You pay per added domain, not per server.
-
Can I add many domains to one ACME subscription?
Yes. You can add multiple domains and subdomains within the ACME subscription model. However, each added domain or wildcard is billed separately. So you do not need a separate product account for each domain, but each added item remains a separate billable domain entry.
-
Is the certificate valid for 1 year? Why do I receive a 90-day certificate if I paid for 1 year?
The subscription is usually valid for 1 year, but the individual certificates issued through ACME are short-lived, typically around 90 days.
This is normal ACME behavior. Instead of one long-lived certificate, the ACME client automatically replaces the certificate before it expires.
-
Are setup guides available?
Yes. We provide setup guides for many common server types, control panels, and ACME environments. You can view our ACME setup manuals here