AWS Certificate Manager now supports the ACME protocol for public certificates
Share
Services
AWS Certificate Manager (ACM) now allows you to provision a fully managed ACME server endpoint that issues public TLS certificates with a 45 day validity from [Amazon Trust Services](https://www.amazontrust.com/repository) using any ACMEv2-compatible client, including Certbot, cert-manager for Kubernetes, and acme.sh. With the CA/Browser Forum mandating 47-day certificate lifetimes by 2029, manual management of public certificates becomes untenable. ACME support in ACM gives developers a standards-based path to fully automate certificate issuance and renewal.
PKI administrators can create managed ACME endpoints with centralized governance controls: define domain scopes to restrict which certificates each client can issue, enforce policies on wildcard usage, and delegate certificate requests to application teams without distributing DNS credentials. Domain validation is performed once at the endpoint level, while application owners use standard ACME clients to request certificates. All activity is visible in the ACM console with AWS CloudTrail logging and Amazon CloudWatch metrics for auditability.
ACME support in ACM is available in all commercial AWS Regions. For pricing details, see the [ACM pricing page](https://aws.amazon.com/certificate-manager/pricing/). To get started, visit the [AWS News blog post](https://aws.amazon.com/blogs/aws/automate-public-tls-certificate-issuance-with-acme-support-in-aws-certificate-manager/) or read the [documentation](https://docs.aws.amazon.com/acm/latest/userguide/acm-acme.html).
What else is happening at Amazon Web Services?
AWS Security Hub adds impact analysis for exposure findings
about 20 hours ago
Services
Share
Amazon Cognito now supports self-service provisioned API rate limits
about 20 hours ago
Services
Share
Amazon SageMaker Studio now integrates with Hugging Face for one-click model deployment and customization
about 21 hours ago
Services
Share
Read update
Services
Share