Skip to main content

Automated Certificate Management Environment (ACME)

It is strongly recommended that services utilize certificate automation via ACME where possible to avoid preventable service disruptions caused by expired SSL/TLS certificates.

Public-facing services available outside the campus network should use the public Let’s Encrypt service. Let’s Encrypt certificates are free to use and include robust automation via ACME as part of the service offering.

Internal applications and services can use the same protocol as Let’s Encrypt (ACME) to retrieve certificates from the existing InCommon/Sectigo service operated by Technology Services; certificate renewals using ACME are automated and don’t require requests. A list of compatible ACME clients for various platforms are available in Let's Encrypt's Documentation.

Warning

Due to the potential security risks it poses to the organization, we will not be adding the wildcard *.tamu.edu domain to any ACME accounts. Accounts will only be granted access to subdomains under the requesting department's control.

Request an ACME Account

We will need the following information to process an ACME Account Request:

  • Technical Contact(s)
  • Technology Services Vertical (Security & Risk, Architecture & Engineering, etc)
  • Which team within the vertical the account is for (if applicable)
  • Domain(s) the account will be used for

Submit an ACME Account Request

Security

Upon processing your request, we will provide you with the endpoint URL, KeyID, and HMAC key for use in your ACME client.

It is crucial to keep these values private, as they enable access to issue certificates on your behalf. Treat them with the same care as application secrets and passwords - store them securely, restrict access, and do not share them outside those who require them on your team.