3.1 ACME Issuers
Bring your own CA, not just Let's Encrypt.
An Issuer is an ACME account configured for a Certificate Authority. Let’s Encrypt is built-in and ready for use. Other CAs require External Account Binding (EAB) credentials, which you generate at the CA and provide to CertKit.
Issuers are configured at the account level. Once set up, any certificate in any Collection can use them.
Capability Matrix
ACME support varies by CA. The features supported by your chosen CA determine which options are available when creating a certificate.
| Issuer | EAB | DNS-PERSIST | Profiles | ARI |
|---|---|---|---|---|
| Let’s Encrypt | — | Coming Soon | shortlived and tlsserver | Yes |
| Google Trust Services | Required | — | — | Yes |
| DigiCert | Required | — | — | Yes |
| Sectigo | Required | — | — | Yes |
| GoDaddy | Required | — | — | Yes |
| ZeroSSL | Required | — | — | — |
Adding an Issuer
Adding an issuer requires a Friendly Name, Account Email, EAB Key ID, and EAB HMAC. The process for generating EAB credentials varies by vendor.
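What the EAB Key ID and EAB HMAC are used for, shown as an added example (not CertKit's code): under RFC 8555 section 7.3.4 an ACME client signs the new account's public key with the HMAC key and sends the result as `externalAccountBinding`, which the CA checks against the credentials it issued. The function names, key ID, HMAC value, account key and URL below are constructed for illustration, and HS256 with a base64url-encoded HMAC key is assumed.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    text = text.strip()  # pasted credentials often carry stray whitespace
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_eab(key_id: str, hmac_b64url: str, account_jwk: dict, new_account_url: str) -> dict:
    """Build the externalAccountBinding JWS for a newAccount request."""
    mac_key = b64url_decode(hmac_b64url)
    if not mac_key:
        raise ValueError("EAB HMAC key is empty")
    # Protected header: MAC algorithm, the CA-issued key ID, and the newAccount URL.
    header = {"alg": "HS256", "kid": key_id, "url": new_account_url}
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    # Payload: the ACME account's public key, binding it to the CA-side account.
    payload = b64url(json.dumps(account_jwk, separators=(",", ":"), sort_keys=True).encode())
    mac = hmac.new(mac_key, f"{protected}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return {"protected": protected, "payload": payload, "signature": b64url(mac)}

def verify_eab(eab: dict, hmac_b64url: str, expected_kid: str) -> bool:
    """Mirror of the CA-side check: right key ID, right algorithm, valid MAC."""
    header = json.loads(b64url_decode(eab["protected"]))
    if header.get("alg") != "HS256" or header.get("kid") != expected_kid:
        return False
    signing_input = f'{eab["protected"]}.{eab["payload"]}'.encode("ascii")
    expected = hmac.new(b64url_decode(hmac_b64url), signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(eab["signature"]))

# Constructed sample values; none of these are real credentials or endpoints.
SAMPLE_KID = "kid-example-1"
SAMPLE_HMAC = b64url(b"\x42" * 32)
SAMPLE_URL = "https://acme.example.test/new-account"
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": b64url(b"\x11" * 32), "y": b64url(b"\x22" * 32)}  # not a real curve point

if __name__ == "__main__":
    eab = build_eab(SAMPLE_KID, SAMPLE_HMAC, SAMPLE_JWK, SAMPLE_URL)
    print(json.dumps(eab, indent=2))
    print("verifies:", verify_eab(eab, SAMPLE_HMAC, SAMPLE_KID))
```

Because the HMAC is a shared secret that authorizes account registration at the CA, store it like any other credential and rotate it at the CA if it is exposed.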