Video Guide to setup ACME for Apache on Ubuntu
Step 1. Purchase an ACME SSL Certificate
Before you begin the configuration, you’ll need to purchase a trusted ACME-compatible SSL Certificate. While free ACME providers such as Let’s Encrypt are suitable for hobby or temporary projects, they lack the reliability, support, and flexibility required for production environments. With SSLTrust's Domain Validated ACME Certificates, you get the same automated issuance and renewal benefits—plus enterprise-grade advantages such as Unlimited Certificates, Unlimited Server Deployments, and Multiple Account Bindings (EAB) to securely manage certificates across different systems.
All certificates are backed by globally trusted Certificate Authorities and supported by SSLTrust’s expert team. You can have a look at our ACME SSL Certificates here. Also, do check out our ACME SSL Certificates from Verokey and Sectigo. If you're still unsure of what certificate to choose for your business, please contact our Sales Team, and they will be glad to help you out.
1. After having finalised your choice and no. of domains to be secured, click on "Add to Cart"
Complete the checkout process.
Provide your account information
Pick the payment option you prefer, then click on the checkout button
2: Following your SSL Certificate purchase, you're ready to commence configuring it. To complete this action, navigate to your SSLTrust account and handle your latest purchase. Access the SSLTrust Dashboard, then navigate to Services and select My Services.
Your purchased certificate and order status should be visible to you. Next, click on Manage.
Upon clicking Manage, you'll find yourself on the Product Details page of your SSL Certificate. Click on "Configure Service" to personally configure the settings. Alternatively, you can generate a configuration URL with an expiry and send it to the concerned person for them to handle the configuration on your behalf.
Step 2. Configure your ACME SSL Certificate
1. After successful purchase, you can proceed to configure your ACME SSL Certificate by generating your External Account Binding (EAB) credentials with the Certificate Authority (CA) and submitting the domain name you want to secure.
This step prepares your certificate for ACME automation and ensures you have the credentials needed for issuing your certificate in the following steps.
What is an External Account Binding (EAB)?
An External Account Binding (EAB) is a pair of secure credentials provided by your Certificate Authority (CA) that proves your ACME client is authorised to request certificates for your account. Think of it as a unique key that links your purchased SSL Certificate to the automated ACME system.
The EAB consists of two parts:
Key ID (KID) - identifies your account.
HMAC Key - securely verifies your requests.
Without these credentials, the Certificate Authority (CA) will not issue certificates through ACME.
2. On the configuration page, enter your domain name, click on "Add Domain" and then click on "Save Domain Changes"
Now, create a new binding.
Enter your account name and then select the Certificate Length as "30 days". This means that the certificate will automatically be renewed every 30 days. Click on "Create Account".
You will now see 3 fields - the ACME directory URL, KID and HMAC Key. Make sure to save all of them at a secure location, you will not be able to see them again.
Step 3. Install SSL Certificate on your server
Now that we have the necessary credentials, we can proceed to install the SSL Certificate on our server using Certbot. Pre-requisites:- a. Check the version of Ubuntu with below command (This guide is valid for x22.04 and above)
shell
sudo cat /etc/os-release
b. Make sure that you have Apache running on your server. Check status with below command.
shell
sudo systemctl status apache2
1. Install Certbot with below command:
shell
sudo apt install certbot python3-certbot-apache -y
2. Check the Installation of Certbot:
shell
sudo certbot --version
3. Run below command to install your SSL Certificate with Certbot:
shell
sudo certbot --apache \ --server "YOUR_SERVER_NAME" \ --eab-kid "YOUR_KID" \ --eab-hmac-key "YOUR_HMAC_KEY" \ -d yourdomain.com -d www.yourdomain.com
Make sure to replace fields with your domain name & other credentials as necessary before running the command.
Step 4. Check the SSL Certifcate Installation
SSLTrust's Free SSL Checker is a tool that allows you to test and validate the SSL/TLS certificates installed on websites. Simply enter a domain name, and it will analyse the certificate, providing details like the issuer, expiration date, encryption strength, and whether the certificate is properly configured and trusted by major browsers and operating systems. In SSL tests, receiving an "A" rating typically signifies that the SSL certificate and its configuration meet high security standards.
The checker highlights any potential security issues or misconfigurations with the SSL implementation. This free tool makes it easy to verify if a website's SSL certificate is valid and secure, giving visitors confidence their connection is encrypted and their data is protected from eavesdroppers.
Additionally, you can also performed a detailed check which generates an actionable report with all the ins and out of your SSL Certificate. This includes Protocols, Ciphers, Vulnerabilities and much more.
- You might require assistance from your web developer or make the necessary updates to your website personally to ensure that all files utilise "https://" and all links leading to and within your website employ "https://". If you need any help with your SSL Installation, please don't hesitate to reach out to our friendly support team by clicking here.
Step 5. Test the renewal of your ACME SSL Certificate
After successfully installing your ACME SSL certificate, the final step is to ensure that automatic renewal is working correctly.
Certbot includes a built-in dry-run feature that simulates the renewal process without making any real changes. This test confirms that your server can communicate with the ACME provider, your EAB credentials are stored correctly, and your certificate will renew automatically before it expires.
1. Run the below command to perform a dry run and simulate the renewal process.
shell
sudo certbot renew --dry-run \ --server "ACME_DIRECTORY_URL"
Make sure to replace the ACME_Directory_URL with your saved URL Directory.
You will then get an output if your dry run was successful. If you get any errors, try to debug with the official documentation from Certbot. Alternatively, you can retry the installation to ensure you did not miss any steps.
Congratulations! You’ve now completed the full setup—your ACME SSL Certificate is installed, secured, and ready to renew automatically. From here on, your website stays protected without you having to chase deadlines or fix expired certificates. If you need any help with your SSL Installation, please don't hesitate to reach out to our friendly support team by clicking here. If interested, do check out some of the leading brands we have partnered with to bring the best SSL Certificates to our customers. Also, you can check the safety and security of your website at our free website safety and security checker. If you have any other servers, control panels or other tools to install an SSL Certificate on, you can have a look at our numerous installation manuals.
Discussions and Comments
Click here to view and join in on any discussions and comments on this article.
