acme_certificate

The `acme_certificate` directive allows the configuration of automatic management of SSL/TLS certificates for NGINX using the ACME protocol.

Syntax: acme_certificate domain_name [domain_name ...];
Default: none
Context: server
Arguments: 1+

Description

The `acme_certificate` directive is part of the Automatic Certificate Management Environment (ACME) module for NGINX, which enables automatic issuance, renewal, and management of SSL/TLS certificates. The directive is used in the server context and takes one or more arguments that specify the parameters needed to connect to ACME servers, usually involving a domain name and registration details. It currently supports the HTTP-01 challenge type: domain ownership is verified automatically by serving specific challenge responses over HTTP, which must be reachable on the server.

When the `acme_certificate` directive is invoked, it initiates certificate requests to an ACME server such as Let’s Encrypt or another compliant CA. The parameters passed to the directive determine how NGINX interacts with the ACME provider during this process, such as setting the domain names to generate certificates for, specifying the challenge port or path, and handling the certificate storage locations. The directive relies heavily on proper server configuration: in particular, the server must be accessible from the Internet and must respond correctly to the challenges presented by the ACME server.

After initial certificate retrieval, the acme_certificate directive also automates the renewal process based on predetermined conditions, ensuring that certificates do not expire without intervention. This reduces the administrative burden on system operators, providing a seamless experience in maintaining SSL/TLS security for web applications.

Config Example

server {
    listen 80;
    server_name example.com www.example.com;

    acme_certificate example.com www.example.com;
}

Ensure that your server is publicly accessible over HTTP to fulfill ACME challenges.

The directive only supports the HTTP-01 challenge; other challenge types (DNS-01, TLS-ALPN-01) are not supported.

Make sure to have correct permissions for the webroot directory used during the ACME challenge.

Valid domain names should be provided without any typos; DNS resolution must succeed for the specified names.
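The notes above can be checked before a reload. The following linter is an added example, not part of the original page or of the module; its function names, the sample configuration, and the rule that each `acme_certificate` name should also appear in the same block's `server_name` are assumptions made for illustration.

```python
import re

# Constructed sample configuration (not from the page); the second block is broken on purpose.
SAMPLE_CONF = """
server {
    listen 80;
    server_name example.com www.example.com;
    acme_certificate example.com www.example.com;
}
server {
    listen 443 ssl;
    server_name shop.example.com;
    acme_certificate shop.example.com *.example.com exmaple.com;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive_args(body, name):
    """Collect the arguments of every `name ...;` directive in a block body."""
    body = re.sub(r"#.*", "", body)  # drop comments
    pattern = r"(?:^|(?<=[;{}]))\s*" + re.escape(name) + r"\s+([^;{}]+);"
    return [arg for m in re.finditer(pattern, body) for arg in m.group(1).split()]

def lint_http01(conf):
    """Return (server_index, problem) findings that would break HTTP-01 validation."""
    findings = []
    for n, body in enumerate(server_blocks(conf)):
        certs = directive_args(body, "acme_certificate")
        if not certs:
            continue
        # With no listen directive, nginx run as superuser defaults to *:80.
        listens = directive_args(body, "listen") or ["80"]
        if not any(re.fullmatch(r"(?:.*:)?80", a) for a in listens):
            findings.append((n, "no listener on port 80 for the HTTP-01 challenge"))
        names = set(directive_args(body, "server_name"))
        for d in certs:
            if d.startswith("*."):  # public CAs validate wildcards only via DNS-01
                findings.append((n, f"{d}: wildcard cannot be validated over HTTP-01"))
            elif d not in names:  # assumption: same block answers the challenge
                findings.append((n, f"{d}: not listed in server_name"))
    return findings

if __name__ == "__main__":
    for n, problem in lint_http01(SAMPLE_CONF):
        print(f"server #{n}: {problem}")
```

The check is static: it does not confirm DNS resolution or external reachability, which still need to be tested from outside the network.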
