Opt in to ACME to Automate SSL Certificate Renewals  

Starting March 15, SSL certificate lifespans for websites will be reduced to 200 days. Lifetimes will shorten further to 100 days in March 2027 and 47 days in 2029. To avoid frequent manual renewals and the risk of expired certificates that can cause a site to display as “not secure,” ITS recommends opting in to automated certificate renewal via the ACME protocol. 

Why it Matters 
Automated renewal removes the need to submit cases and manually renew certificates. It reduces the chance of expired certificates interrupting access or damaging the university’s reputation, and shorter lifespans improve overall certificate security. 

How it Works 
ACME (Automatic Certificate Management Environment) automates the certificate lifecycle between the certificate authority and your servers. Implementing certificate automation requires two components: 

• ACME Account — Request an account from the FSU Information Security and Privacy Office (ISPO). Include the list of domains you want to automate. ISPO will create the account and provide the External Account Binding (EAB) values you need to configure your ACME client. 

• ACME Client — Software that runs on your server to request, install and renew certificates automatically. Some platforms include built-in ACME support, but most require installing a client, such as Certbot or another ACME client. 

Automating renewals will ensure uninterrupted service and stronger certificate security as lifespans change. For more information and a step-by-step guide, visit the ITS Service Catalog.