Step 1: Create ACME Directory URL

An ACME Directory URL (ADU) is your blueprint for automation. It defines the certificate type (DV or OV), brand (DigiCert or GeoTrust), and validity period, while generating the credentials your ACME client (e.g., Certbot) will use to request, reissue and renew certificates. Once created, an ADU can be reused across multiple servers, helping you streamline certificate management across your environment.

To begin automating certificate issuance through GeoCerts, you’ll first create an ACME Directory URL in your CertCommand account.

Where to create it

Log in to your GeoCerts CertCommand account.
Go to Automation > ACME Directory URLS.
Click Create ACME Directory URL.

Required fields

You’ll be prompted to enter:

Name – A descriptive name for this ACME Directory URL (e.g., ProjectX-Prod-US-DV-1Yr). For internal use only.
Flex Certificate Product – Choose from available DigiCert and GeoTrust DV/OV certificates
Organization – For OV certificates only, choose the pre-validated organization.
Multi-year Prepaid Coverage Term – Select 1 or 2 years (note: certificates are issued for 397 days at a time)
Certificate Validity Period – Select 1 or 2 years (note: certificates are issued for 397 days at a time)

About Flex Certificate Products: Flex certificates are versatile products that allow you to secure one or multiple domains (including wildcard domains) under a single certificate. When creating your ACME Directory URL, selecting a Flex Certificate Product means you have the flexibility to define the exact domain names (SANs) at the time the certificate is requested through your ACME client.

This makes Flex certificates ideal for environments where domain needs may change over time or where you want maximum adaptability without recreating new credentials.

Important: Before you can select an organization for an ACME Directory URL, the organization must be fully validated and approved for OV certificate issuance. If the organization is not yet validated, you must complete the organization validation process first by going to Certificates > Organizations > Add Organization in your GeoCerts account. Attempting to use an unvalidated organization will cause certificate requests to fail.

What you’ll receive

Once your ACME Directory URL is created, the following credentials will be displayed:

ACME Directory URL — The unique endpoint your ACME client connects to for certificate requests and renewals.
EAB Key ID — An identifier that securely binds your ACME client to your GeoCerts account (External Account Binding).
EAB HMAC Key — A secret key used to authenticate your ACME client when communicating with the ACME Directory URL.

You will enter these three values into your ACME client configuration to authorize automated certificate issuance.

Action: Click the Copy button to copy the entire set of credentials to your clipboard. Save them securely — they will not be shown again.

Security note

Store your ACME credentials securely — they grant the ability to request and renew certificates on your behalf.
Credentials can be revoked at any time in the ACME Credentials section of your account.

Important: Your ACME Directory URL, EAB Key ID, and EAB HMAC Key will only be displayed once after creation. For security reasons, GeoCerts cannot retrieve these credentials later. Be sure to copy and securely store them immediately after generating your ACME Directory URL.

Next Step

Step 2: Install and Configure ACME Client »

← Back to Workflow Overview