Sectigo ACME SSL Certificate

Certbot is a free, open-source software tool developed by the Electronic Frontier Foundation (EFF). It acts as a client for the ACME protocol, and its primary function is to automate the process of obtaining, installing, and automatically renewing SSL/TLS certificates (especially from Let's Encrypt) on web servers like Apache and Nginx. It simplifies securing websites with HTTPS by handling the technical steps for you.

## First register your new Account Binding provided to you
certbot register --server {SERVER_URL_HERE} \
--eab-kid {EAB_KID_HERE} \
--eab-hmac-key {EAB_KEY_HERE}


## Request new certificate for domain
certbot certonly --server {SERVER_URL_HERE} \
--webroot -w /var/www/example -d mydomain.com -d www.mydomain.com


## Renew all previously obtained certificates that are near expiry
certbot renew

You can read more about the Certbot commands here.

Standing out as an ACME client implemented purely as a Unix shell script, acme.sh is a lightweight, open-source tool designed for automating SSL/TLS certificate management. It allows users to easily obtain and automatically renew certificates from numerous ACME-compliant Certificate Authorities. Its shell-based nature prioritises simplicity, high portability, and minimal dependencies, making it a flexible choice for command-line users and automated scripting across various systems.

## First register your new Account Binding provided to you
acme.sh --server {SERVER_URL_HERE} --register-account \
--eab-kid {EAB_KID_HERE} \
--eab-hmac-key {EAB_KEY_HERE}


## Request new certificate for domain
acme.sh --issue -d mydomain.com -d www.mydomain.com \
-w /home/wwwroot/mydomain.com --server {SERVER_URL_HERE}


## Renew the certificate or recheck for domain validation and issue cert
acme.sh --issue -d mydomain.com -d www.mydomain.com --server {SERVER_URL_HERE} --renew

You can read more about the acme.sh commands here.

Posh-ACME is a powerful and user-friendly PowerShell module that simplifies the process of obtaining and managing SSL/TLS certificates from ACME compliant certificate authorities. It allows you to automate certificate creation, renewal, and revocation directly from your Windows environment, making secure HTTPS configuration much easier. Think of it as your go-to tool for hassle-free certificate management in PowerShell.

## First register your new Account Binding provided to you
$eabKID = 'EAB_KID_HERE'
$eabHMAC = 'EAB_KEY_HERE'
New-PAAccount -ExtAcctKID $eabKID -ExtAcctHMACKey $eabHMAC -Contact 'me@example.com' -AcceptTOS


## Register the CA Server URL
Set-PAServer -DirectoryUrl  {SERVER_URL_HERE}


## Request new certificate for domain
New-PACertificate example.com -AcceptTOS


# Renew all orders on the current account
Submit-Renewal

You can read more about the Posh-ACME commands here.

Win-ACME is a robust, open-source ACME client specifically developed for Windows environments. It provides system administrators and IT professionals with a streamlined and automated solution for obtaining and deploying SSL/TLS certificates. The tool simplifies the complexities of certificate lifecycle management, encompassing request generation, domain validation, and certificate installation, thereby enhancing the security posture of Windows-based web services and applications with minimal administrative overhead.

## Execute the following command to auto-enroll certificate on IIS using WinACME client
wacs.exe --baseuri {SERVER_URL_HERE} --verbose \
--accepttos --emailaddress me@example.com --eab-keyidentifier {EAB_KID_HERE} \
--eab-key {EAB_KEY_HERE}

You can read more about the Win-ACME commands here.