Add an ACME CA
- Go to Admin → Certificate Authorities → New
- Select type ACME
- Fill in:
- Save — CertForge registers an ACME account with the provider automatically.
Use Let’s Encrypt’s staging environment (
https://acme-staging-v02.api.letsencrypt.org/directory) while testing to avoid rate limits. Switch to production before going live.Configure DNS validation
ACME requires proving you control the domain. CertForge uses DNS-01 challenge solving, which works for wildcard certs and does not require an open HTTP port. DNS configuration is done entirely in the UI — there is noconfig.yaml DNS solver configuration.
Step 1: Create a DNS account
- Go to Admin → DNS Accounts → New
- Select your DNS provider (Cloudflare or RFC 2136/TSIG)
- Enter the required credentials (see DNS Validation → for field details)
- Save and verify the account shows a connected status
Step 2: Link the DNS account to a DTP
- Go to Admin → Domain Trust Profiles
- Edit the profile that uses your ACME CA
- Under DNS Settings, select the DNS account you created
- Save
_acme-challenge TXT record automatically during issuance.
Create a Domain Trust Profile for ACME
- Go to Admin → Domain Trust Profiles → New
- Set:
- Domains:
*.corp.com(or your public domain) - CA: select the ACME CA you created
- DNS account: select the DNS account configured above
- Require approval: recommended for production domains
- Domains:
- Save
Test an issuance
Using certbot pointed at your CertForge ACME endpoint:Let’s Encrypt rate limits
CertForge tracks issuances and prevents requests that would exceed rate limits. Use the staging environment while testing.