ACM agent - automates ACM certificates


ACMagent - automates ACM certificates

ACM agent provides functionality to request and confirm ACM certificates from the command line.


$ pip install acmagent


To approve ACM certificates, create and configure an acmagent IMAP credentials file. By default, acmagent loads its configuration from the .acmagent file in the user’s home folder, for example /home/john.doe/.acmagent. You can also specify a custom path to the credentials file.

# /home/john.doe/.acmagent

password: mysecretpassword


Issuing ACM certificates

The simplest way to request an ACM certificate is to specify the --domain-name and/or --validation-domain parameters.

$ acmagent request-certificate --domain-name *
$ acmagent request-certificate --domain-name * --validation-domain

Optionally, if you need to generate a certificate for multiple domain names, you can provide the --alternative-names parameter to specify space-separated alternative domain names.

$ acmagent request-certificate --domain-name --validation-domain --alternative-names

ACMAgent also lets you supply the parameters in a JSON input file, using the --cli-input-json parameter, instead of typing them at the command line.

  • Generate CLI skeleton output
$ acmagent request-certificate --generate-cli-skeleton &> certificate.json
$ cat certificate.json
{
    "DomainName": "",
    "SubjectAlternativeNames": [],
    "ValidationDomain": ""
}
  • Modify the generated skeleton file using your preferred method
  • Specify the path to the certificate.json file using the --cli-input-json parameter
$ acmagent request-certificate --cli-input-json file:./certificate.json


The request-certificate command outputs the ACM certificate id, which is the last part of the ARN, for example arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. You will need that id for the certificate approval process.

Approving ACM certificates

Before approving an ACM-issued certificate, ensure that the credentials file has been set up. For Gmail and Yahoo, enable access for ‘less secure apps’ (

$ acmagent confirm-certificate --help
usage: acmagent confirm-certificate [-h] --certificate-id CERTIFICATE_ID
                                [--wait WAIT] [--attempts ATTEMPTS]
                                [--debug] [--credentials CREDENTIALS]
optional arguments:
-h, --help                      show this help message and exit
--certificate-id CERTIFICATE_ID Certificate id
--wait WAIT                     Timeout in seconds between querying IMAP server
--attempts ATTEMPTS             Number of attempts to query IMAP server
--debug (boolean)               Send logging to standard output
--credentials CREDENTIALS       Explicitly provide IMAP credentials file

Confirming a certificate using the default settings:

$ acmagent confirm-certificate --certificate-id 12345678-1234-1234-1234-123456789012

However, for most scenarios the recommended approach is to specify custom values for the --wait and --attempts parameters, tailored to your IMAP server.

$ acmagent confirm-certificate --wait 10 --attempts 6 --certificate-id 12345678-1234-1234-1234-123456789012

When you can’t use the default IMAP credentials file, provide the --credentials parameter:

$ acmagent confirm-certificate --certificate-id 12345678-1234-1234-1234-123456789012 --credentials file:///var/lib/jenkins/.acmagent
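A pre-flight check for the approval step above, as an added example that is not part of acmagent: it extracts the certificate id from an ARN and refuses to build the confirm-certificate command when the credentials file, which holds the IMAP password in plain text, is readable by anyone but its owner. The function names and the owner-only (mode 600) policy are assumptions of this example, not acmagent requirements.

```python
import os
import re
import stat
import tempfile

# ACM certificate ARN; the trailing UUID is the id confirm-certificate expects.
ARN_RE = re.compile(r"^arn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate/"
                    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$")


def certificate_id_from_arn(arn):
    """Return the certificate id (last ARN segment) or raise ValueError."""
    match = ARN_RE.match(arn.strip())
    if not match:
        raise ValueError("not an ACM certificate ARN: %r" % arn)
    return match.group(1)


def credentials_file_problems(path):
    """List reasons the IMAP credentials file should not be used as-is."""
    try:
        info = os.lstat(path)  # lstat: do not follow a symlink left at path
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]
    problems = []
    if not stat.S_ISREG(info.st_mode):
        problems.append("not a regular file")
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):  # assumed policy: 600
        problems.append("group/other can access it; run: chmod 600 " + path)
    return problems


def confirm_command(arn, credentials_path):
    """Build the confirm-certificate argv only if the pre-flight checks pass."""
    problems = credentials_file_problems(credentials_path)
    if problems:
        raise PermissionError("; ".join(problems))
    return ["acmagent", "confirm-certificate",
            "--certificate-id", certificate_id_from_arn(arn),
            "--credentials", "file://" + os.path.abspath(credentials_path)]


if __name__ == "__main__":
    # Constructed demo: throwaway credentials file created owner-only (0600).
    with tempfile.TemporaryDirectory() as tmp:
        creds = os.path.join(tmp, ".acmagent")
        with os.fdopen(os.open(creds, os.O_WRONLY | os.O_CREAT, 0o600), "w") as fh:
            fh.write("password: mysecretpassword\n")
        print(confirm_command("arn:aws:acm:us-east-1:123456789012:certificate/"
                              "12345678-1234-1234-1234-123456789012", creds))
```

The returned list can be passed to subprocess.run as is, so the certificate id and path never go through a shell.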

