The following are prerequisites to automate the installation of certificates on a Palo Alto Firewall with ACME.


This document assumes the following:

  • There is an active connection between the ACME client, Palo Alto Firewall management, and the internet.

  • The SCM ACME endpoints with credentials are configured.

  • The Palo Alto firewall is configured with permission to install certificates, change configurations, and commit changes.

Testing Environment

The following sections outline the environments in which the integration has been tested.

Operating Systems

  • CentOS/RHEL 7.x/8

  • Ubuntu LTS 18.04/20.04

Software Components

  • Python 3 (RHEL - 3.6.8 / Debian – 3.8.5)

  • Certbot (RHEL/Debian – 1.13.0)

  • OpenSSL (RHEL – 1.1.1g / Debian – 1.1.1f)

  • pan-python (RHEL/Debian – 0.16.0)

Palo Alto Firewall

  • PA-220 PAN-OS 10.0.3

Internet Access

  • Yes