SSL certificate maximum validity is being reduced to 200 days from March 2026. Read more →

SSL Certificates

Cheap SSL DV SSL Wildcard SSL Multi-Domain (SAN) OV & EV SSL

Specialty Certificates

Code Signing Document Signing Email / S/MIME VMC / BIMI
In effect now Certificate Lifetime

Automation

Overview Auto DNS FairSSL vs Let's Encrypt

Platforms

Windows Setup Linux & Kubernetes Appliances ACME Clients

Tools

SSL Scanner Certificate Decoder CAA Generator

Guides

Windows Server Linux & Open Source All guides

Company

About Us Contact Installation Service
News

Language

Dansk Svenska English

Currency

Login Create Account

SSL Automation

Automate SSL/TLS certificates with ACME

FairSSL's ACME service gives IT professionals, consultants and hosting providers a fast way to automate SSL/TLS certificate management. It is secure, flexible and free from the limitations of free certificate authorities.

Built on ACME v2 (RFC 8555) with ACME Renewal Information (ARI, RFC 9773) support. Our platform automates certificate lifecycle management, including early renewal, CA switching and monitoring of both certificate and client status.

Shorter SSL lifetimes adopted

The CA/Browser Forum has adopted a phased reduction: 200 days (15 March 2026), 100 days (15 March 2027), 47 days (15 March 2029). Without automation, it becomes an administrative nightmare. Learn more →

Key benefits of FairSSL ACME

Free choice of CA and product

DigiCert (OV), GlobalSign (OV/EV), Thawte (DV, OV), GeoTrust (DV, OV), RapidSSL (DV). Supports single-domain, wildcard and SAN certificates.

Automated domain validation

Use AutoDNS without exposing DNS API keys, ideal for internal networks and secure environments.

Centralised administration

Create profiles with product-specific settings, monitor certificate expiry and client status, switch products without changing server configuration.

Security controls

Block or allow wildcard issuance and SAN name changes per profile and per ACME client. Lock down ACME clients after setup.

High limits

No limits on the number of paid certificates, up to 1,000 duplicates and 250 SANs. Perfect for disaster recovery and scaling.

ARI: smart renewal

ACME Renewal Information (ARI, RFC 9773) checks daily whether certificates should be renewed early and lets us monitor that each server's ACME client is active and healthy.

Built for engineers

1

"Set and forget" validation

Forget opening firewalls or handling temporary tokens. We use permanent DNS CNAME validation.

  • Your servers need no inbound internet access
  • Set the CNAME once, we handle validation automatically forever
2

Intelligent certificate reuse

Why pay for new certificates when you have 10 servers behind a load balancer?

  • The system reuses existing certificates across your infrastructure
  • Additional ACME clients using the same certificate are included in the ACME fee
3

No salespeople: just engineers

You are not talking to sales. You are talking to the developers who built the system.

  • No sales meetings, no "contact us for pricing", no upfront payments
  • Step-by-step guides for Windows (IIS), Linux and Kubernetes

Popular ACME Clients

Any ACME client that follows RFC 8555 and supports EAB works with FairSSL. Here are the clients we have tested and can help with.

Windows

Windows

IIS, Exchange, RDP, SQL Server, ADFS

simple-acme, Certify The Web, Posh-ACME
Linux

Linux

Apache, Nginx, HAProxy, Docker, Kubernetes

Lego, Certbot, acme.sh, Caddy
Overview

Network Appliances

F5, Palo Alto, NetScaler, Fortinet, pfSense

FortiGate, NetScaler, F5, KEMP, Kubernetes

Cloud

Azure, AWS, Kubernetes cert-manager

Key Vault Acmebot, cert-manager

Our recommendation: simple-acme for Windows, Lego for Linux and CI/CD. FairSSL sponsors both projects. They have the best integration with the FairSSL ACME server and support ARI for intelligent renewal and monitoring.

Windows Setup → Linux & Kubernetes → Appliances and load balancers → ACME Clients →

Comparison with free ACME services

See the difference between FairSSL ACME, Let’s Encrypt and ZeroSSL.

Scroll right to see more providers

Feature FairSSL Let's Encrypt
Certificate types DV, OV DV
Certificate validity 1–199 days 90 days (6 days announced)
Supports multiple CAs
ACME client monitoring
Expiry alerts & reports Email lists, daily/weekly/monthly
Certificates per domain No limit 50 per week
Duplicate certificates 1,000 5 per week
Names per certificate (SANs) 250 100
Wildcards allowed ✓ (requires DNS API key)
DNS validation AutoDNS — set and forget Requires DNS API key on client
Centralised management
Per-profile wildcard control
Per-client SAN locking
Order period 1–3 years No order, 90 days at a time
Installation guides ✓ Step-by-step Community documentation
Debug event log ✓ Full traceability
Support Phone & email Community forum
See the full comparison with pricing scenarios →

Transparent pricing

€33 per certificate

ACME service fee covers up to 25 servers using the certificate. Usage beyond 25 servers adds another €33.

  • SAN changes and reissues are exempt from the fee
  • Additional ACME clients using the same certificate: free
  • Standard certificate prices apply on top

Get started in 10 minutes

# Install certbot (Ubuntu/Debian)
sudo apt install certbot

# Request certificate with FairSSL ACME server
certbot certonly \
  --agree-tos \
  --email admin@yourcompany.com \
  --preferred-challenges http \
  --server https://fairssl.dk/acme \
  -d www.yourcompany.com

Certbot sets up automatic renewal. Nothing more to do.

ACME-compatible certificates

These DV certificates support automatic ACME issuance and renewal:

RapidSSL

RapidSSL

DV

Standard DV. Issued in minutes.

from €46 /year See details →
Thawte

Thawte SSL123 SAN DV

DV

DV multi-domain. Supports SAN names and wildcards in combination.

from €86 /year See details →
Thawte

Thawte SSL123 Wildcard

DV

DV wildcard. Can also add individual SAN names.

from €228 €147 /year See details →
See all products with prices →

Frequently asked questions about ACME automation

Find answers to the most common questions about SSL certificates and FairSSL.

The ACME service fee is €33 per certificate and covers up to 25 servers. Usage beyond 25 servers adds another €33. SAN changes and reissues are exempt. Additional ACME clients using the same certificate are free. Standard certificate prices apply on top.
The CA/Browser Forum adopted a phased reduction in 2025: 200 days from 15 March 2026, 100 days from 15 March 2027, 47 days from 15 March 2029. Without automation, it becomes an administrative nightmare.
If you already use ACME (Certbot, simple-acme, acme.sh) and renew automatically, you are well positioned. If you renew manually, you should migrate to ACME now.
Yes. FairSSL ACME supports pre-validated OV certificates, something Let's Encrypt does not offer. The first issuance requires organisation validation, after which renewals happen automatically.
Yes. cert-manager supports ACME with External Account Binding (EAB) and can be configured to point at the FairSSL ACME server.
No limits on the number of paid certificates per domain, up to 1,000 duplicates and 250 names (SANs) per certificate. We have high request rate limits to prevent errors and misuse, but they do not affect normal operations. Perfect for disaster recovery, scaling and large installations.

Ready to create a free account?

Create a free account and issue your first certificate in under 10 minutes.

Create free account Compare certificates