Global Certificate Management

Create a Global Certificate

Description

Create a Global Certificate

URI

POST /admin-api/global/1/certs

URI Parameters

  • label:

    type: string

    required: no

    description: label for the certificate

  • server_cert

    type: string

    required: no (when attempting to manually upload a certificate, it’s required)

    description: end-entity certificate in pem format

  • priv_key

    type: string

    required: no (when attempting to manually upload a certificate, it’s required)

    description: private key in pem format

  • cert_chain:

    type: string

    required: no

    description: certificate chain, usually no need to upload

  • client_verify

    type: boolean

    required: no

    description: Whether the certificate is used for client certificate validation, the default value is false.

  • ca_cert

    type: string

    required: no (when attempting to enable client_verify, it’s required)

    description: the field is required when using client certificate verification. The client certificate is signed using this ca

  • acme_host

    type: string

    required: no (when attempting to issue certificate via ACME, it’s required)

    description: signing a certificate using acme, only wildcard domain name can be signed here.

  • acme_providers

    type: integer

    required: no

    description: use the certificate issuer that supports ACME as defined in the global configuration. If not specified, Let’s Encrypt will be used

  • acme_csr_type

    type: string

    required: no

    description: specify the encryption algorithm for the ACME issued certificate, which current support ‘rsa’ and ’ec’. The default value is ‘rsa’.

  • acme_use_uploaded_key

    type: boolean

    required: no

    description: whether to use manual uploaded private key for the ACME issued certificate.

  • acme_takeover

    type: boolean

    required: no

    description: whether the specified domains of the uploaded certificate is updated by the specified ACME provider. (the default value is false)

Example Request

Shell

curl -X POST \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  https://{admin-site}/admin-api/global/1/certs \
  -d '{"acme_host":"*.example.com"}'

Example Response

Status: 200 OK
{
  "data": {"id": 1},
  "status": 0
}

Get the global certificate list

Description

Get the global certificate list

URI

GET /admin-api/global/1/certs

Example Request

Shell

curl \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  https://{admin-site}/admin-api/global/1/certs

Example Response

Status: 200 OK
{
  "data": [
    {
      "client_verify": false,
      "id": 1,
      "server_cert": "-----BEGIN CERTIFICATE----- xxxx",
      "acme_host": "*.example.com",
      "expdate": 123456789
    }
  ],
  "status": 0
}

Update the Global certificate

Description

Update the Global certificate

URI

PUT /admin-api/global/1/certs/{cert_id}

Example Request

Shell

curl -X PUT \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  https://{admin-site}/admin-api/global/1/certs/1 \
  -d '{"acme_host": "*.test.com"}'

Example Response

Status: 200 OK
{"status":0}

Delete the certificate from global

Description

Delete the certificate from global

URI

DELETE /admin-api/global/1/certs/{cert_id}

Example Request

Shell

curl -X DELETE \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  https://{admin-site}/admin-api/global/1/certs/1 \

Example Response

Status: 200 OK
{ "status": 0 }

Create ACME Provider

Description

Create ACME Provider

URI

POST /admin-api/global/1/acme_providers

URI Parameters

  • name

    type: string

    required: yes

    description: name of ACME Provider

  • endpoint

    type: string

    required: yes

    description: endpoint(URI) of ACME Provider

  • eab_kid

    type: string

    required: yes

    description: EAB_KEY_ID field of ACME Provider

  • eab_hmac_key

    type: string

    required: yes

    description: EAB_HMAC_KEY field of ACME Provider

  • email

    type: string

    required: no

    description: email address

Example Request

Shell

curl -X POST \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  https://{admin-site}/admin-api/global/1/acme_providers \
  -d '{"name":"ZeroSSL","endpoint": "https://acme.zerossl.com/v2/DV90","eab_kid":"EAB_KEY_ID","eab_hmac_key":"EAB_HMAC_KEY"}'

Example Response

Status: 200 OK
{
  "data": {"id": 1},
  "status": 0
}

Get the ACME Provider list

Description

Get the ACME Provider list

URI

GET /admin-api/global/1/acme_providers

Example Request

Shell

curl \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  https://{admin-site}/admin-api/global/1/acme_providers

Example Response

Status: 200 OK
{
  "data": [
    {
      "id": 1,
      "name": "ZeroSSL",
      "endpoint": "https://acme.zerossl.com/v2/DV90",
      "eab_kid": "EAB_KEY_ID",
      "eab_hmac_key": "EAB_HMAC_KEY"
    }
  ],
  "status": 0
}

Update the ACME Provider

Description

Update the ACME Provider

URI

PUT /admin-api/global/1/acme_providers/{provider_id}

Example Request

Shell

curl -X PUT \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  https://{admin-site}/admin-api/global/1/acme_providers/1 \
  -d '{"eab_kid":"EAB_KEY_ID_2"}'

Example Response

Status: 200 OK
{"status":0}

Delete the ACME Provider

Description

Delete the ACME Provider

URI

DELETE /admin-api/global/1/acme_providers/{provider_id}

Example Request

Shell

curl -X DELETE \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  https://{admin-site}/admin-api/global/1/acme_providers/1 \

Example Response

Status: 200 OK
{"status": 0}