Select the ACMEv2 tab of the Configuration page to configure ACMEv2 enrollment.
ACMEv2 HTTP-01 Redirect on POST
Whether to enable redirects when the client responds with a 302, 307, or 308 HTTP status code. Select:
- Yes to enable redirects and follow redirects up to 50 hops.
- No to disable redirects, mark the challenge as failed, and flag the associated client order as invalid.
Mandatory: No. This setting defaults to No.
ACMEv2 HTTP-01 Retry Interval
The number of seconds to wait between HTTP-01 Validation attempts.
HTTP-01 Validation attempts can fail when the HTTP-01 challenge server responds with the 503 Service Unavailable HTTP code.
If set to 0, the ACMEv2 server will wait 1 second after the first connection failure and 2 seconds after each subsequent failure.
Mandatory: No. This defaults to 0.
ACMEv2 HTTP-01 Retry Count
The maximum number of times the CEG ACMEv2 Enrollment Service will retry HTTP-01 Validation before timing out.
HTTP-01 Validation attempts can fail when the HTTP-01 challenge server responds with the 503 Service Unavailable HTTP code.
This setting supports a value range from 0 to unlimited.
Mandatory: No. This setting defaults to 4.
ACMEv2 DNS-01 Query Timeout
The number of milliseconds to continue attempting DNS-01 Validation before timing out.
Mandatory: No. This value defaults to 10000 (10 seconds).
ACMEv2 DNS-01 Nameservers
The list of DNS nameservers for DNS-01 validation for ACMEv2. Use the following syntax to enter the IPv4 address and port (typically port 53) of each DNS nameserver.
<IP>:<PORT>
For example:
192.0.2.0:53
Mandatory: No. If this setting is absent, the ACMEv2 service will use the nameservers in the resolv.conf file.
Delete Expired Authorizations Cron Job
The schedule for Certificate Enrollment Gateway to remove expired ACMEv2 authorizations from the internal database. The value must be a cron schedule expression in the following format:
<second> <minute> <hour> <day-of-month> <month> <day-of-week>
For example, to run the cron job every 1 hour:
0 0 * ? * *
Mandatory: No. If this setting is absent, Certificate Enrollment Gateway removes expired ACMEv2 authorizations every 1 hour.
Delete Expired Order Cron Job
The schedule for Certificate Enrollment Gateway to remove expired ACMEv2 orders from the internal database. The value must be a cron schedule expression in the following format:
<second> <minute> <hour> <day-of-month> <month> <day-of-week>
For example, to run the cron job every 1 hour:
0 0 * ? * *
Mandatory: No. If this setting is absent, Certificate Enrollment Gateway removes expired ACMEv2 orders every 1 hour.
ACMEv2 Order Expiry Interval
The period of time an ACMEv2 order can remain unprocessed by a client before the ACMEv2 server marks the order as "invalid". Enter a period in ISO-8601 duration format:
PnDTnHnMn.nS
Mandatory: No. This setting defaults to p7D (seven days).
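The following pre-flight check for the three value syntaxes described above (the <IP>:<PORT> nameserver entry, the six-field cron expression, and the PnDTnHnMn.nS period) is an added example, not part of the product or its documentation. The function names are hypothetical, and accepting a lowercase "p" is an assumption based on the documented default p7D.

```python
import ipaddress
import re

CRON_FIELDS = ("second", "minute", "hour", "day-of-month", "month", "day-of-week")
# Day/time components of the PnDTnHnMn.nS form; case-insensitivity is an assumption.
DURATION_RE = re.compile(
    r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?", re.IGNORECASE)

def parse_nameserver(entry):
    """Return (ip, port) for one <IP>:<PORT> entry; raise ValueError otherwise."""
    host, sep, port = entry.strip().rpartition(":")
    if not sep:
        raise ValueError(f"missing :<PORT> in {entry!r}")
    ip = ipaddress.IPv4Address(host)  # hostnames and IPv6 raise a ValueError subclass
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {entry!r}")
    return str(ip), int(port)

def split_cron(expr):
    """Map the six field names to their values; raise ValueError on any other count."""
    fields = expr.split()
    if len(fields) != len(CRON_FIELDS):
        raise ValueError(f"expected 6 fields, got {len(fields)}: {expr!r}")
    return dict(zip(CRON_FIELDS, fields))

def duration_seconds(value):
    """Convert a PnDTnHnMn.nS period to seconds; raise ValueError if malformed."""
    text = value.strip()
    m = DURATION_RE.fullmatch(text)
    # Reject a bare "P"/"PT" and a trailing "T" with no time component after it.
    if not m or not any(m.groups()) or text.upper().endswith("T"):
        raise ValueError(f"not a PnDTnHnMn.nS duration: {value!r}")
    d, h, mi, s = (float(g) if g else 0.0 for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

if __name__ == "__main__":
    # Constructed sample values: the page's own examples plus common mistakes
    # (a hostname, a five-field Unix crontab line, a period without the leading P).
    samples = [(parse_nameserver, "192.0.2.0:53"), (parse_nameserver, "ns1.example.com:53"),
               (split_cron, "0 0 * ? * *"), (split_cron, "0 * * * *"),
               (duration_seconds, "p7D"), (duration_seconds, "7d")]
    for fn, val in samples:
        try:
            print(f"OK   {val!r} -> {fn(val)}")
        except ValueError as exc:
            print(f"FAIL {val!r}: {exc}")
```

The cron check covers only the field count, so a value that passes can still be rejected by the gateway for its field contents.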
Enable ACMEv2
Select Yes to enable the ACMEv2 protocol, No to disable the ACMEv2 protocol.
Mandatory: No.