Auto Certificate Overview

The IONOS Certificate Manager now introduces a new feature in its V2 API: Auto Certificate. This enhancement allows users to automatically renew their SSL/TLS certificates via the platform, reducing manual management and improving security. The core of this new functionality lies in its integration with the ACME protocol to automate the issuance and renewal of certificates, eliminating the need for customers to manually upload certificates and keys.

Workflow Overview for Auto Certificate

  1. Provider Creation: The user first creates a certificate provider by configuring an ACME server (such as Let's Encrypt). This provider is responsible for issuing and renewing the certificates.

  2. Auto Certificate Creation: After the provider is set up, the user creates an Auto Certificate, pointing to the newly created provider and specifying the common name (domain) for which the certificate should be issued.

  3. Automatic Certificate Management:

    • ACME-based issuance: The certificate manager handles the issuance and renewal process using the provided ACME server. The system sets up the required DNS TXT records in IONOS Cloud DNS, which the ACME server uses to verify domain ownership.

    • Renewal process: The certificates are automatically renewed every 30 days before they expire, ensuring seamless security updates without user intervention.

Special Considerations

  1. Domain and Zone Restrictions: This feature only works with domains that are hosted in IONOS Cloud DNS zones. The ACME server needs to verify domain ownership through TXT records, which are managed by the IONOS platform.

  2. Handling Expiration and Grace Period: During the renewal process, a grace period of 30 days is applied. This means that two certificates—one expired (or expiring soon) and one newly issued—may coexist for a short period. The old certificate is automatically deleted 30 days after expiration, ensuring that the system remains clean and up-to-date.

  3. Naming Convention: To prevent confusion between active and expiring certificates, timestamps are appended to the common name of the certificate in the database. This ensures that the certificates remain distinguishable in the system.

Benefits of Auto Certificate

  1. Automated Renewal: No need for manual intervention to renew certificates, improving operational efficiency.

  2. Security: Regularly updated certificates ensure that there are no gaps in encryption.

  3. Visibility: Users can track both the newly created and expired certificates within the system.

  4. Integration: The auto certificate feature is fully integrated and usable in products like CDN and API Gateway.

This new Auto Certificate feature represents a major step forward for users who need continuous, automated SSL/TLS certificate management on the IONOS platform.
