Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
    • Back
    Cross-Product

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      2. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Cross-Product
    3. Knowledge Articles
    4. Simplifying Custom Domain Certificate Renewals - Introducing Automated Management with ACME

    Simplifying Custom Domain Certificate Renewals - Introducing Automated Management with ACME

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Introduction:
      1. Current process:
      2. New Automated Process:
      3. Enrollment and Timeline:
      4. Exceptions
    2. FAQ
    3. General Questions and Support Requests

    Product: All products hosted on the Clarivate hosting system with private custom domains

     

     

    Introduction:

    Ex Libris is pleased to announce the implementation of ACME support for custom domain Certificates.

    As part of our ongoing effort to enhance our cloud security and constantly improve its availability, we are introducing a new, improved automation that will allow an automatic replacement of custom domain SSL Certificates 6 times a year without any intervention from your side.

     

    Current process:
    • Customers need to open a support case to generate a CSR (Certificate Signing Request), get the certificate issued by a Certificate Authority (CA), and then send it for installation.
    • Reference: https://knowledge.exlibrisgroup.com/Cross-Product/Knowledge_Articles/Working_with_custom_domain_names_on_hosted_ExLibris_environment
    New Automated Process:

    In preparation for the SSL industry's direction to shorten the certificate lifespan to 3 months, Ex Libris is introducing automation for custom domain certificate management.

    The new process will generate and automatically renew Certificates Using Let’s Encrypt (CA) and the ACME protocol (Automated Certificate Management Environment).

    Certificates will have a 3-month expiration, and auto-renewals will occur every two months.

    Domain validation is accomplished using the HTTP option by inserting the validation token at http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>.

    Ex Libris will keep monitoring the certificates to ensure automatic renewals.

    Once enrolled, customers will no longer receive notification emails 30 and 60 days before certificate expiration, as renewals will be handled automatically.

     

    Enrollment and Timeline:
    • Ex Libris will handle the enrollment, meaning no action is required from customers.
    • The rollout will happen moderately throughout 2025, with the expected completion by the end of the year.

     

    Exceptions
    • Wildcard certificates - Wildcard certificates cannot be validated using the HTTP method. Therefore, it is recommended that you switch to individual certificates per domain.
    • China - Due to local hardware requirements and regulations, the new process will not be available in China until further updates are made
       

    FAQ

    Why are we making this change?

    To align with industry standards and improve the security and management of custom domain certificates, we are automating the certificate renewal process using Let’s Encrypt and the ACME protocol. This change is driven by the need to shorten certificate lifespans (to 3 months) and reduce manual intervention, ensuring your certificates are always up to date without requiring you to take action.

    What is changing?

    The new process will automate managing and renewing custom domain SSL certificates. Certificates will be issued by Let’s Encrypt and will automatically renew every two months. The ACME protocol will handle domain validation, replacing the current manual process of generating CSR, requesting certificate issuance, and installing the certificate.

    What do we need to do?

    As a customer, you do not need to take any action. Ex Libris will automatically enrol you in the new process, and once you are enrolled, we will manage the certificate renewals for you. You will no longer need to worry about expiration notifications, as renewals will be automatic.

    In some configurations, cooperation from your institution’s IT team may be needed. If so, we’ll contact you directly with any required follow-up.

     

    When is this happening?

    The rollout of the new automated certificate management process will begin in 2025 and is expected to be completed by Q2 2026

     

     

    Will my website experience downtime during the renewal process?

    No, the automated renewal process is designed to minimize downtime. Let’s Encrypt's ACME protocol ensures seamless certificate renewal without causing service interruptions. The renewal process will take place in the background and will not impact the availability of your site.

     

    Who is Let’s Encrypt?

    Let’s Encrypt is a nonprofit certificate authority that provides TLS certificates to 500 million websites. https://letsencrypt.org/

     

    Is the old process still supported?

    The old process will still be supported during the transition period. However, once you are enrolled in the new system, Ex Libris will manage your certificate renewals automatically, and you will no longer need to follow the old process.

     

    What are the benefits of the new process?

    • Automated renewal process, so you no longer need to manually renew certificates every few months.

    • Improved security, with certificates having a shorter lifespan (3 months), which helps mitigate the risk of compromised certificates.

    • Reduced administrative burden: No more managing expiration reminders or going through support cases for renewals.

     

     

    Can I still manage my certificates manually if I prefer?

    Once you are enrolled in the new automated system, manual certificate management will no longer be necessary or supported. The system is designed to handle everything automatically to ensure continuous and up-to-date certificate management.

     

    What happens if the renewal fails?

    The automatic renewal occurs 30 days before the certificate expiration date.

    If the automatic renewal fails for any reason, Ex Libris will be notified and will intervene to resolve the issue. Our team will work to ensure that the renewal process is completed without disruption to your services.

     

    How will domain validation work for non-HTTP-based domains?

    For domains where HTTP validation is not an option (e.g., Wildcard certificates), Ex Libris will work with you to set up DNS validation. This involves adding a specific DNS record to your domain to prove ownership.

     

    What if I need to make changes to my certificate during the renewal process?

    If you need to update or modify your certificate (e.g., adding or removing domains), you can contact Ex Libris support for assistance. We will guide you through any changes you need and ensure that the automated renewal process continues smoothly.

    How do I check if my certificate has been renewed?

    You can check the details of your SSL certificate at any time by accessing your domain’s certificate details. Once enrolled, you will see the issue by statement is Let’s Encrypt.

     

    Will the new process affect the SSL/TLS protocols I’m using?

    No, your SSL/TLS protocols will not be affected. The new process is focused on automating the management and renewal of certificates, but the security protocols that ensure secure communication with your website (SSL/TLS) will remain the same.

     

    General Questions and Support Requests

     

    If you have any questions or need assistance regarding the new process, you can contact Ex Libris support. We will continue to provide support during the transition to ensure a smooth experience.

     

     

    • Article last edited: 27-May-2025
    View article in the Exlibris Knowledge Center
    1. Back to top
      • Setup Email Preferences to Subscribe to Ex Libris Mailing Lists
      • SSL 3.0 Vulnerability ("POODLE")
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Content Type
      Knowledge Article
      Language
      English
    2. Tags
      This page has no tags.
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved