This paper studies a secure and robust IoT system by applying the concept of zero trust. Taking notice of IoT device communication over TLS and adding the vulnerability of IoT device to circumstances for certificate revocation, a method eliminating problematic IoT devices is presented. We design an automatic certificate management for IoT device certificate with ACME protocol and implement a prototype of the system. We also evaluate the prototype implementation and discuss a new challenge method in ACME protocol.