A lot of customers will have their web site hosted by a 3rd party provider making getting access to the SSL private key impossible.
In that situation either you can host your own signing server - code is at:
GitHub - umpint/signing-server
Or we are able to host it for you.
$ hash=`sha256sum file | awk '{print $1}'`$ curl "https://your-signing-server.com/sign?hash=${hash}&secret=test1234"
Then to sign a document you just need to generate the hash of the file and send it to the signing server. This would then compute the signature and send this data to our servers.