Enable ACME Issuance

This health check ensures that ACME (Automatic Certificate Management Environment) is enabled in mounts that use intermediary issuers. Enabling ACME is a best practice for supporting automated certificate issuance and a self-rotating PKI infrastructure.

Health Check Name: enable_acme_issuance

Accessed APIs

Method
Endpoint
Description

READ

/config/acme

Checks ACME configuration settings

READ

/config/cluster

Verifies cluster configuration

LIST

/issuers (unauthenticated)

Lists available certificate issuers

READ

/issuer/:issuer_ref/json (unauthenticated)

Fetches ACME details for a specific issuer

Configuration Parameters

Parameter
Description

(None)

This check does not require configurable parameters.

Health Check Results

Condition
Status Level

ACME is not enabled on a mount with an intermediary issuer

Informational

ACME support is not mandatory, but enabling it is strongly recommended for operational efficiency and certificate lifecycle automation.

  1. Enable ACME on the appropriate mount:

  2. Ensure the mount contains an intermediary issuer, as ACME issuance is typically tied to such issuers.

  3. Test ACME endpoints using tools like curl or an ACME client (e.g., Certbot) to verify correct setup.

Last updated

Was this helpful?