Powered by Redocly

ACME

Create a new acme services

When certificates are requested variables may be used in the names leaf. Variables are expanded at certificate request time.

The following system-defined variables are available:

  • SYS_DNS_ZONES Available if the tenant has configured DNS zones. This is an array of the DNS zones defined for the tenant. The domain of a specific named zone is accessed with the syntax ${SYS_DNS_ZONES[name]}. A zone named default is always available, and contains the default domain for this tenant. It is accessed using ${SYS_DNS_ZONES[default]}.
  • SYS_GLOBAL_DOMAIN Contains the name of the top level domain used by all sites in the environment.
  • SYS_SITE Contains the name of the site where the certificate is generated.
  • SYS_SITE_LABELS This is an array of all labels defined on the site. The value of a specific label is accessed with the syntax ${SYS_SITE_LABELS[label]}. If the label has multiple values, it expands to a comma-separated string of these values. It is an error if no label is given, or if the label doesn't exist.
  • SYS_TENANT Contains the name of the tenant.

Auto-acme-certs generated for an application also has these variables available:

  • SYS_APP Contains the name of the application.
  • SYS_SERVICE Contains the name of the application service.

A service will get assigned a DNS name following this pattern

${SYS_SERVICE}.${SYS_APP}.${SYS_TENANT}.${SYS_SITE}.${SYS_GLOBAL_DOMAIN}

SecurityaccessToken
Request
query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

directory-url
required
string
contact-email
required
string <email-address> ^["a-zA-Z0-9.!$'#%&*+-/=?^_`~{}]+@[a-zA-Z0-9....
use-root-ca-certs
boolean
Default: true

Use root CA certificate bundle when validating certificate of discovery url.

server-name-indication
string

If the account-url is a https URL, then this field can be used to configure which name must be present in the cert presented by the server. By default the host name from the account-url will be used.

api-ca-cert
string

CA Cert to use when talking to the ACME API, PEM encoded. This will default to using the OS default root certificate bundle.

tls-verify
boolean
Default: true

This field can be used to disable server cert validation when talking to the discovery-url. It should only be set to false in test setups and never in production.

renew-threshold
string <duration>
Default: "30d"

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

Renew certificate when less than this threshold remains of the certificate lifetime.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict (instance exists)

503

Service Unavailable (strongbox sealed)

post/v1/config/strongbox/acme-services
Request samples 
name: letsencrypt
directory-url: https://acme-staging-v02.api.letsencrypt.org/directory
contact-email: joe@acme.com
use-root-ca-certs: true
server-name-indication: acme
api-ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
  a3ViZUNBMB4XDTIxMDkyNjA4NTE1NloXDTMxMDkyNTA4NTE1NlowFTETMBEGA1UE
  AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPj
  RABeQOTAY9Vj4IORJ1oeAdHCXRvu6sLWokuX0rZuKj80YIJSiqXOsh2Djp8aD1fG
  EU89+fJNVV/3Ba5pe9NODbp597xAs/wpzmlurM/O99czoOxNsfd6pu0KpsRZgzBv
  UXzc9offqfr+bbFBrb6VD0fZ8q5ZJ+BupQcdc46/pm31AEG3MfmGv0jVU4d/RZTm
  +s4vrjrCEb255XTdWFHMi/bKMRNKRCoTHVAi01FbdHEivzVlFzObgp+UbldZf1v9
  GvqXzSmXLX87nn4Fa3JroPhNCajYiJikEBV5hIAe6RpGg42zr8GDrDj0e5CvpTOu
  F8leq8hjEvknEk3XQBECAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW
  MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
  BBTBXYN94F5bU0shR57gmFiNtyRahDANBgkqhkiG9w0BAQsFAAOCAQEAl9mr8t+M
  FCAsn2ZIuILwZeiOhNXqyftFR2la47jJmYFtV6FZwMG7zNWOZlXYKrfw8mrRsaAB
  a2OvItNipywU54mJaN4OV9PuOadz3KjB3sZ78yXsteXgH3+TxNOwe4LW1mxeyxdL
  2JBCPmgrAt0VqekN1q0RRFyI/5JkU6Q+y1rpFV+cLvJGnX47Icgbgf/BGM4Bo30q
  1U0iTWrfcVUNQwpYtbHYPnbDD3F8E4FuX+G8J2QNgjHXGKHdCkM/s9IBKr/SLgiM
  kv/++NI+D3yABup4kHRnAWPLxAsBVB/v4p8o6yLB3jwIDxHwC3LU4tyQ2n3a/RFR
  ceaTK5VvI8G+xg==
  -----END CERTIFICATE-----
tls-verify: true
renew-threshold: 30d

Retrieve the configuration of all acme serviceses

When certificates are requested variables may be used in the names leaf. Variables are expanded at certificate request time.

The following system-defined variables are available:

  • SYS_DNS_ZONES Available if the tenant has configured DNS zones. This is an array of the DNS zones defined for the tenant. The domain of a specific named zone is accessed with the syntax ${SYS_DNS_ZONES[name]}. A zone named default is always available, and contains the default domain for this tenant. It is accessed using ${SYS_DNS_ZONES[default]}.
  • SYS_GLOBAL_DOMAIN Contains the name of the top level domain used by all sites in the environment.
  • SYS_SITE Contains the name of the site where the certificate is generated.
  • SYS_SITE_LABELS This is an array of all labels defined on the site. The value of a specific label is accessed with the syntax ${SYS_SITE_LABELS[label]}. If the label has multiple values, it expands to a comma-separated string of these values. It is an error if no label is given, or if the label doesn't exist.
  • SYS_TENANT Contains the name of the tenant.

Auto-acme-certs generated for an application also has these variables available:

  • SYS_APP Contains the name of the application.
  • SYS_SERVICE Contains the name of the application service.

A service will get assigned a DNS name following this pattern

${SYS_SERVICE}.${SYS_APP}.${SYS_TENANT}.${SYS_SITE}.${SYS_GLOBAL_DOMAIN}

SecurityaccessToken
Request
query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

where
string

Retrieve only items matching the given expression.

See section where

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/strongbox/acme-services
Response samples 
- name: letsencrypt
  directory-url: https://acme-staging-v02.api.letsencrypt.org/directory
  contact-email: joe@acme.com
  use-root-ca-certs: true
  server-name-indication: acme
  api-ca-cert: |
    -----BEGIN CERTIFICATE-----
    MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
    a3ViZUNBMB4XDTIxMDkyNjA4NTE1NloXDTMxMDkyNTA4NTE1NlowFTETMBEGA1UE
    AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPj
    RABeQOTAY9Vj4IORJ1oeAdHCXRvu6sLWokuX0rZuKj80YIJSiqXOsh2Djp8aD1fG
    EU89+fJNVV/3Ba5pe9NODbp597xAs/wpzmlurM/O99czoOxNsfd6pu0KpsRZgzBv
    UXzc9offqfr+bbFBrb6VD0fZ8q5ZJ+BupQcdc46/pm31AEG3MfmGv0jVU4d/RZTm
    +s4vrjrCEb255XTdWFHMi/bKMRNKRCoTHVAi01FbdHEivzVlFzObgp+UbldZf1v9
    GvqXzSmXLX87nn4Fa3JroPhNCajYiJikEBV5hIAe6RpGg42zr8GDrDj0e5CvpTOu
    F8leq8hjEvknEk3XQBECAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW
    MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    BBTBXYN94F5bU0shR57gmFiNtyRahDANBgkqhkiG9w0BAQsFAAOCAQEAl9mr8t+M
    FCAsn2ZIuILwZeiOhNXqyftFR2la47jJmYFtV6FZwMG7zNWOZlXYKrfw8mrRsaAB
    a2OvItNipywU54mJaN4OV9PuOadz3KjB3sZ78yXsteXgH3+TxNOwe4LW1mxeyxdL
    2JBCPmgrAt0VqekN1q0RRFyI/5JkU6Q+y1rpFV+cLvJGnX47Icgbgf/BGM4Bo30q
    1U0iTWrfcVUNQwpYtbHYPnbDD3F8E4FuX+G8J2QNgjHXGKHdCkM/s9IBKr/SLgiM
    kv/++NI+D3yABup4kHRnAWPLxAsBVB/v4p8o6yLB3jwIDxHwC3LU4tyQ2n3a/RFR
    ceaTK5VvI8G+xg==
    -----END CERTIFICATE-----
  tls-verify: true
  renew-threshold: 30d

Update an acme services

When certificates are requested variables may be used in the names leaf. Variables are expanded at certificate request time.

The following system-defined variables are available:

  • SYS_DNS_ZONES Available if the tenant has configured DNS zones. This is an array of the DNS zones defined for the tenant. The domain of a specific named zone is accessed with the syntax ${SYS_DNS_ZONES[name]}. A zone named default is always available, and contains the default domain for this tenant. It is accessed using ${SYS_DNS_ZONES[default]}.
  • SYS_GLOBAL_DOMAIN Contains the name of the top level domain used by all sites in the environment.
  • SYS_SITE Contains the name of the site where the certificate is generated.
  • SYS_SITE_LABELS This is an array of all labels defined on the site. The value of a specific label is accessed with the syntax ${SYS_SITE_LABELS[label]}. If the label has multiple values, it expands to a comma-separated string of these values. It is an error if no label is given, or if the label doesn't exist.
  • SYS_TENANT Contains the name of the tenant.

Auto-acme-certs generated for an application also has these variables available:

  • SYS_APP Contains the name of the application.
  • SYS_SERVICE Contains the name of the application service.

A service will get assigned a DNS name following this pattern

${SYS_SERVICE}.${SYS_APP}.${SYS_TENANT}.${SYS_SITE}.${SYS_GLOBAL_DOMAIN}

SecurityaccessToken
Request
path Parameters
acme-services-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

directory-url
required
string
contact-email
required
string <email-address> ^["a-zA-Z0-9.!$'#%&*+-/=?^_`~{}]+@[a-zA-Z0-9....
use-root-ca-certs
boolean
Default: true

Use root CA certificate bundle when validating certificate of discovery url.

server-name-indication
string

If the account-url is a https URL, then this field can be used to configure which name must be present in the cert presented by the server. By default the host name from the account-url will be used.

api-ca-cert
string

CA Cert to use when talking to the ACME API, PEM encoded. This will default to using the OS default root certificate bundle.

tls-verify
boolean
Default: true

This field can be used to disable server cert validation when talking to the discovery-url. It should only be set to false in test setups and never in production.

renew-threshold
string <duration>
Default: "30d"

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

Renew certificate when less than this threshold remains of the certificate lifetime.

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

patch/v1/config/strongbox/acme-services/{acme-services-name}
Request samples 
name: letsencrypt
directory-url: https://acme-staging-v02.api.letsencrypt.org/directory
contact-email: joe@acme.com
use-root-ca-certs: true
server-name-indication: acme
api-ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
  a3ViZUNBMB4XDTIxMDkyNjA4NTE1NloXDTMxMDkyNTA4NTE1NlowFTETMBEGA1UE
  AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPj
  RABeQOTAY9Vj4IORJ1oeAdHCXRvu6sLWokuX0rZuKj80YIJSiqXOsh2Djp8aD1fG
  EU89+fJNVV/3Ba5pe9NODbp597xAs/wpzmlurM/O99czoOxNsfd6pu0KpsRZgzBv
  UXzc9offqfr+bbFBrb6VD0fZ8q5ZJ+BupQcdc46/pm31AEG3MfmGv0jVU4d/RZTm
  +s4vrjrCEb255XTdWFHMi/bKMRNKRCoTHVAi01FbdHEivzVlFzObgp+UbldZf1v9
  GvqXzSmXLX87nn4Fa3JroPhNCajYiJikEBV5hIAe6RpGg42zr8GDrDj0e5CvpTOu
  F8leq8hjEvknEk3XQBECAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW
  MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
  BBTBXYN94F5bU0shR57gmFiNtyRahDANBgkqhkiG9w0BAQsFAAOCAQEAl9mr8t+M
  FCAsn2ZIuILwZeiOhNXqyftFR2la47jJmYFtV6FZwMG7zNWOZlXYKrfw8mrRsaAB
  a2OvItNipywU54mJaN4OV9PuOadz3KjB3sZ78yXsteXgH3+TxNOwe4LW1mxeyxdL
  2JBCPmgrAt0VqekN1q0RRFyI/5JkU6Q+y1rpFV+cLvJGnX47Icgbgf/BGM4Bo30q
  1U0iTWrfcVUNQwpYtbHYPnbDD3F8E4FuX+G8J2QNgjHXGKHdCkM/s9IBKr/SLgiM
  kv/++NI+D3yABup4kHRnAWPLxAsBVB/v4p8o6yLB3jwIDxHwC3LU4tyQ2n3a/RFR
  ceaTK5VvI8G+xg==
  -----END CERTIFICATE-----
tls-verify: true
renew-threshold: 30d

Delete an acme services

When certificates are requested variables may be used in the names leaf. Variables are expanded at certificate request time.

The following system-defined variables are available:

  • SYS_DNS_ZONES Available if the tenant has configured DNS zones. This is an array of the DNS zones defined for the tenant. The domain of a specific named zone is accessed with the syntax ${SYS_DNS_ZONES[name]}. A zone named default is always available, and contains the default domain for this tenant. It is accessed using ${SYS_DNS_ZONES[default]}.
  • SYS_GLOBAL_DOMAIN Contains the name of the top level domain used by all sites in the environment.
  • SYS_SITE Contains the name of the site where the certificate is generated.
  • SYS_SITE_LABELS This is an array of all labels defined on the site. The value of a specific label is accessed with the syntax ${SYS_SITE_LABELS[label]}. If the label has multiple values, it expands to a comma-separated string of these values. It is an error if no label is given, or if the label doesn't exist.
  • SYS_TENANT Contains the name of the tenant.

Auto-acme-certs generated for an application also has these variables available:

  • SYS_APP Contains the name of the application.
  • SYS_SERVICE Contains the name of the application service.

A service will get assigned a DNS name following this pattern

${SYS_SERVICE}.${SYS_APP}.${SYS_TENANT}.${SYS_SITE}.${SYS_GLOBAL_DOMAIN}

SecurityaccessToken
Request
path Parameters
acme-services-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

delete/v1/config/strongbox/acme-services/{acme-services-name}

Replace or create a new acme services

When certificates are requested variables may be used in the names leaf. Variables are expanded at certificate request time.

The following system-defined variables are available:

  • SYS_DNS_ZONES Available if the tenant has configured DNS zones. This is an array of the DNS zones defined for the tenant. The domain of a specific named zone is accessed with the syntax ${SYS_DNS_ZONES[name]}. A zone named default is always available, and contains the default domain for this tenant. It is accessed using ${SYS_DNS_ZONES[default]}.
  • SYS_GLOBAL_DOMAIN Contains the name of the top level domain used by all sites in the environment.
  • SYS_SITE Contains the name of the site where the certificate is generated.
  • SYS_SITE_LABELS This is an array of all labels defined on the site. The value of a specific label is accessed with the syntax ${SYS_SITE_LABELS[label]}. If the label has multiple values, it expands to a comma-separated string of these values. It is an error if no label is given, or if the label doesn't exist.
  • SYS_TENANT Contains the name of the tenant.

Auto-acme-certs generated for an application also has these variables available:

  • SYS_APP Contains the name of the application.
  • SYS_SERVICE Contains the name of the application service.

A service will get assigned a DNS name following this pattern

${SYS_SERVICE}.${SYS_APP}.${SYS_TENANT}.${SYS_SITE}.${SYS_GLOBAL_DOMAIN}

SecurityaccessToken
Request
path Parameters
acme-services-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

query Parameters
validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Request Body schema:
name
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

directory-url
required
string
contact-email
required
string <email-address> ^["a-zA-Z0-9.!$'#%&*+-/=?^_`~{}]+@[a-zA-Z0-9....
use-root-ca-certs
boolean
Default: true

Use root CA certificate bundle when validating certificate of discovery url.

server-name-indication
string

If the account-url is a https URL, then this field can be used to configure which name must be present in the cert presented by the server. By default the host name from the account-url will be used.

api-ca-cert
string

CA Cert to use when talking to the ACME API, PEM encoded. This will default to using the OS default root certificate bundle.

tls-verify
boolean
Default: true

This field can be used to disable server cert validation when talking to the discovery-url. It should only be set to false in test setups and never in production.

renew-threshold
string <duration>
Default: "30d"

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

Renew certificate when less than this threshold remains of the certificate lifetime.

Responses
201

Created

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

put/v1/config/strongbox/acme-services/{acme-services-name}
Request samples 
name: letsencrypt
directory-url: https://acme-staging-v02.api.letsencrypt.org/directory
contact-email: joe@acme.com
use-root-ca-certs: true
server-name-indication: acme
api-ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
  a3ViZUNBMB4XDTIxMDkyNjA4NTE1NloXDTMxMDkyNTA4NTE1NlowFTETMBEGA1UE
  AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPj
  RABeQOTAY9Vj4IORJ1oeAdHCXRvu6sLWokuX0rZuKj80YIJSiqXOsh2Djp8aD1fG
  EU89+fJNVV/3Ba5pe9NODbp597xAs/wpzmlurM/O99czoOxNsfd6pu0KpsRZgzBv
  UXzc9offqfr+bbFBrb6VD0fZ8q5ZJ+BupQcdc46/pm31AEG3MfmGv0jVU4d/RZTm
  +s4vrjrCEb255XTdWFHMi/bKMRNKRCoTHVAi01FbdHEivzVlFzObgp+UbldZf1v9
  GvqXzSmXLX87nn4Fa3JroPhNCajYiJikEBV5hIAe6RpGg42zr8GDrDj0e5CvpTOu
  F8leq8hjEvknEk3XQBECAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW
  MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
  BBTBXYN94F5bU0shR57gmFiNtyRahDANBgkqhkiG9w0BAQsFAAOCAQEAl9mr8t+M
  FCAsn2ZIuILwZeiOhNXqyftFR2la47jJmYFtV6FZwMG7zNWOZlXYKrfw8mrRsaAB
  a2OvItNipywU54mJaN4OV9PuOadz3KjB3sZ78yXsteXgH3+TxNOwe4LW1mxeyxdL
  2JBCPmgrAt0VqekN1q0RRFyI/5JkU6Q+y1rpFV+cLvJGnX47Icgbgf/BGM4Bo30q
  1U0iTWrfcVUNQwpYtbHYPnbDD3F8E4FuX+G8J2QNgjHXGKHdCkM/s9IBKr/SLgiM
  kv/++NI+D3yABup4kHRnAWPLxAsBVB/v4p8o6yLB3jwIDxHwC3LU4tyQ2n3a/RFR
  ceaTK5VvI8G+xg==
  -----END CERTIFICATE-----
tls-verify: true
renew-threshold: 30d

Retrieve the configuration of an acme services

When certificates are requested variables may be used in the names leaf. Variables are expanded at certificate request time.

The following system-defined variables are available:

  • SYS_DNS_ZONES Available if the tenant has configured DNS zones. This is an array of the DNS zones defined for the tenant. The domain of a specific named zone is accessed with the syntax ${SYS_DNS_ZONES[name]}. A zone named default is always available, and contains the default domain for this tenant. It is accessed using ${SYS_DNS_ZONES[default]}.
  • SYS_GLOBAL_DOMAIN Contains the name of the top level domain used by all sites in the environment.
  • SYS_SITE Contains the name of the site where the certificate is generated.
  • SYS_SITE_LABELS This is an array of all labels defined on the site. The value of a specific label is accessed with the syntax ${SYS_SITE_LABELS[label]}. If the label has multiple values, it expands to a comma-separated string of these values. It is an error if no label is given, or if the label doesn't exist.
  • SYS_TENANT Contains the name of the tenant.

Auto-acme-certs generated for an application also has these variables available:

  • SYS_APP Contains the name of the application.
  • SYS_SERVICE Contains the name of the application service.

A service will get assigned a DNS name following this pattern

${SYS_SERVICE}.${SYS_APP}.${SYS_TENANT}.${SYS_SITE}.${SYS_GLOBAL_DOMAIN}

SecurityaccessToken
Request
path Parameters
acme-services-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

where
string

Retrieve only items matching the given expression.

See section where

validate
string <enumeration>

Validate the request but do not actually perform the requested operation

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

412

Precondition Failed

503

Service Unavailable (strongbox sealed)

get/v1/config/strongbox/acme-services/{acme-services-name}
Response samples 
name: letsencrypt
directory-url: https://acme-staging-v02.api.letsencrypt.org/directory
contact-email: joe@acme.com
use-root-ca-certs: true
server-name-indication: acme
api-ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
  a3ViZUNBMB4XDTIxMDkyNjA4NTE1NloXDTMxMDkyNTA4NTE1NlowFTETMBEGA1UE
  AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPj
  RABeQOTAY9Vj4IORJ1oeAdHCXRvu6sLWokuX0rZuKj80YIJSiqXOsh2Djp8aD1fG
  EU89+fJNVV/3Ba5pe9NODbp597xAs/wpzmlurM/O99czoOxNsfd6pu0KpsRZgzBv
  UXzc9offqfr+bbFBrb6VD0fZ8q5ZJ+BupQcdc46/pm31AEG3MfmGv0jVU4d/RZTm
  +s4vrjrCEb255XTdWFHMi/bKMRNKRCoTHVAi01FbdHEivzVlFzObgp+UbldZf1v9
  GvqXzSmXLX87nn4Fa3JroPhNCajYiJikEBV5hIAe6RpGg42zr8GDrDj0e5CvpTOu
  F8leq8hjEvknEk3XQBECAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW
  MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
  BBTBXYN94F5bU0shR57gmFiNtyRahDANBgkqhkiG9w0BAQsFAAOCAQEAl9mr8t+M
  FCAsn2ZIuILwZeiOhNXqyftFR2la47jJmYFtV6FZwMG7zNWOZlXYKrfw8mrRsaAB
  a2OvItNipywU54mJaN4OV9PuOadz3KjB3sZ78yXsteXgH3+TxNOwe4LW1mxeyxdL
  2JBCPmgrAt0VqekN1q0RRFyI/5JkU6Q+y1rpFV+cLvJGnX47Icgbgf/BGM4Bo30q
  1U0iTWrfcVUNQwpYtbHYPnbDD3F8E4FuX+G8J2QNgjHXGKHdCkM/s9IBKr/SLgiM
  kv/++NI+D3yABup4kHRnAWPLxAsBVB/v4p8o6yLB3jwIDxHwC3LU4tyQ2n3a/RFR
  ceaTK5VvI8G+xg==
  -----END CERTIFICATE-----
tls-verify: true
renew-threshold: 30d

Retrieve the state of all acme serviceses

When certificates are requested variables may be used in the names leaf. Variables are expanded at certificate request time.

The following system-defined variables are available:

  • SYS_DNS_ZONES Available if the tenant has configured DNS zones. This is an array of the DNS zones defined for the tenant. The domain of a specific named zone is accessed with the syntax ${SYS_DNS_ZONES[name]}. A zone named default is always available, and contains the default domain for this tenant. It is accessed using ${SYS_DNS_ZONES[default]}.
  • SYS_GLOBAL_DOMAIN Contains the name of the top level domain used by all sites in the environment.
  • SYS_SITE Contains the name of the site where the certificate is generated.
  • SYS_SITE_LABELS This is an array of all labels defined on the site. The value of a specific label is accessed with the syntax ${SYS_SITE_LABELS[label]}. If the label has multiple values, it expands to a comma-separated string of these values. It is an error if no label is given, or if the label doesn't exist.
  • SYS_TENANT Contains the name of the tenant.

Auto-acme-certs generated for an application also has these variables available:

  • SYS_APP Contains the name of the application.
  • SYS_SERVICE Contains the name of the application service.

A service will get assigned a DNS name following this pattern

${SYS_SERVICE}.${SYS_APP}.${SYS_TENANT}.${SYS_SITE}.${SYS_GLOBAL_DOMAIN}

SecurityaccessToken
Request
query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

where
string

Retrieve only items matching the given expression.

See section where

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
keys
string <enumeration>

Retrieve only the keys for the list

Value: "true"
count
string <enumeration>

Retrieve only the number of elements in the list

Value: "true"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/strongbox/acme-services
Response samples 
- name: letsencrypt
  directory-url: https://acme-staging-v02.api.letsencrypt.org/directory
  account-url: https://acme-staging-v02.api.letsencrypt.org/acme/acct/12345678
  contact-email: joe@acme.com
  use-root-ca-certs: true
  server-name-indication: acme
  api-ca-cert: |
    -----BEGIN CERTIFICATE-----
    MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
    a3ViZUNBMB4XDTIxMDkyNjA4NTE1NloXDTMxMDkyNTA4NTE1NlowFTETMBEGA1UE
    AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPj
    RABeQOTAY9Vj4IORJ1oeAdHCXRvu6sLWokuX0rZuKj80YIJSiqXOsh2Djp8aD1fG
    EU89+fJNVV/3Ba5pe9NODbp597xAs/wpzmlurM/O99czoOxNsfd6pu0KpsRZgzBv
    UXzc9offqfr+bbFBrb6VD0fZ8q5ZJ+BupQcdc46/pm31AEG3MfmGv0jVU4d/RZTm
    +s4vrjrCEb255XTdWFHMi/bKMRNKRCoTHVAi01FbdHEivzVlFzObgp+UbldZf1v9
    GvqXzSmXLX87nn4Fa3JroPhNCajYiJikEBV5hIAe6RpGg42zr8GDrDj0e5CvpTOu
    F8leq8hjEvknEk3XQBECAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW
    MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    BBTBXYN94F5bU0shR57gmFiNtyRahDANBgkqhkiG9w0BAQsFAAOCAQEAl9mr8t+M
    FCAsn2ZIuILwZeiOhNXqyftFR2la47jJmYFtV6FZwMG7zNWOZlXYKrfw8mrRsaAB
    a2OvItNipywU54mJaN4OV9PuOadz3KjB3sZ78yXsteXgH3+TxNOwe4LW1mxeyxdL
    2JBCPmgrAt0VqekN1q0RRFyI/5JkU6Q+y1rpFV+cLvJGnX47Icgbgf/BGM4Bo30q
    1U0iTWrfcVUNQwpYtbHYPnbDD3F8E4FuX+G8J2QNgjHXGKHdCkM/s9IBKr/SLgiM
    kv/++NI+D3yABup4kHRnAWPLxAsBVB/v4p8o6yLB3jwIDxHwC3LU4tyQ2n3a/RFR
    ceaTK5VvI8G+xg==
    -----END CERTIFICATE-----
  tls-verify: true
  renew-threshold: 30d
  directory:
    revokeCert: https://192.168.100.3:14000/revoke-cert
    renewalInfo: https://192.168.100.3:14000/draft-ietf-acme-ari-03/renewalInfo
    newOrder: https://192.168.100.3:14000/order-plz
    newNonce: https://192.168.100.3:14000/nonce-plz
    newAccount: https://192.168.100.3:14000/sign-me-up
    keyChange: https://192.168.100.3:14000/rollover-account-key
    meta: |
      #{<<"externalAccountRequired">> => false,
        <<"profiles">> =>
            #{<<"default">> => <<"The profile you know and love">>,
              <<"shortlived">> =>
                  <<"A short-lived cert profile, without actual enforcement">>},
        <<"termsOfService">> => <<"data:text/plain,Do%20what%20thou%20wilt">>}
  requests:
    - names: foo.site.test,bar.site.test
      order-url: https://192.168.100.99:14000/my-order/Jr5JGsTS2XS8KYSUEHowiEtlZ_XN7byP1PUO5a9LS5g
      status: done
      error: failed
      cert: |
        -----BEGIN CERTIFICATE-----
        MIICpjCCAY6gAwIBAgIIWI130MIm9bcwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UE
        AxMdUGViYmxlIEludGVybWVkaWF0ZSBDQSAyNDBlZTIwHhcNMjUwOTA0MDkxMTE2
        WhcNMjUxMjAzMDkxMTE1WjAAMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB5u6x
        arBQ0tb8mFwChKP/DZKNGySFDGNvUuIiRhOkPCVJ30V9ZjQsj/3eQLTblnG1iI3H
        Xlxq8Ibd/G1HAwGz9fkBOXQTshMDh4gRGF4MYCYK8gnJLCpr6muXz+nfE6Whlwz5
        R6hLaqtTySaJTz0+fWXBp6zz4OvEEroTX73JqkvNHkGjgYMwgYAwDgYDVR0PAQH/
        BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0j
        BBgwFoAUspPoIrWxIyPyh5akMsudiMHsVeQwKgYDVR0RAQH/BCAwHoINZm9vLnNp
        dGUudGVzdIINYmFyLnNpdGUudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAVQFrU8B6
        dY5xrEN160J4Pi7fPlFTq3PYkjmVjtivtUSzsWIZ/QKmzvq3ix/rv15jDlFOlpxI
        +xRbFFyi2LYlaKewdI9sy145g3w8uJiIoOQAAJAVo/qj5xo9obo/4Po6IOZKkG6Q
        5vNBQ+eJFgEU+Ld8baXFz3ZHiGNYXiwe2hBncOzncAtx5CgyDi5FWJAcLiFsrFdZ
        eE+O+uVHl6UjbmnoM0gDjr9piGJBUkzhd66eid7926OsllssgnT0wqUZuvTJYEf9
        zGXFLOH39moOp6cRW/RcKD2310+u4d9poiDC2y2ouTaBTdSZzw7f22jeYAzI20Er
        cfJy3hjTqtU2/Q==
        -----END CERTIFICATE-----
      chain: |
        -----BEGIN CERTIFICATE-----
        MIIDRDCCAiygAwIBAgIIfylekM6uAAUwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
        AxMVUGViYmxlIFJvb3QgQ0EgN2I3NzY5MCAXDTI1MDkwNDA5MTA0MVoYDzIwNTUw
        OTA0MDkxMDQxWjAoMSYwJAYDVQQDEx1QZWJibGUgSW50ZXJtZWRpYXRlIENBIDI0
        MGVlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAkFwEe3L1hYfCc
        lJ3pQsm67CASqo9gRGC9nHjhx1/ZbaFbFspiru/IFx6Rj5KKEQCU+htwNKKkyfWP
        H0ijy/s1Y7MbqnlJhPSHQK/UYAdxBLgmMACH2F+/plMRVmtQDgjHoep42DJFlf15
        y8bP6GURIR+62mkdx74FiLG9eqjUy+USJ5F28rTbUE/cTmPmTxT+/o47drfUtk5I
        ksnmqyzataEy69FpiReQm9yEo5wbUf4Y+7fs6ttSHJRK7U5TCBqhssJhHQQUQe82
        DbhIylcbdnIAtQR+php8RCBY95KE1TrBmMJ7w9dLq4ubj5BstN28uLwQCOK4p52E
        dTgefxECAwEAAaN4MHYwDgYDVR0PAQH/BAQDAgKEMBMGA1UdJQQMMAoGCCsGAQUF
        BwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLKT6CK1sSMj8oeWpDLLnYjB
        7FXkMB8GA1UdIwQYMBaAFKASKyrf4F3becf7x+rNkWcrQixXMA0GCSqGSIb3DQEB
        CwUAA4IBAQBCZ4/f1/OSOxotcMLqt1IO0VkgZhWg85xMKONTb0k8nCoDTZ33p/6e
        5MvXsMkqxPHkFMzpjQkw5xTD7qDUoVQvR5+/ph/trKmooPrGhb3mFkzmoFyOs4j9
        CpqouFxY0PTBf5cXl76G8z1AZZo7pr4WzP9dEpZHCN+boGVDfKSvD0iXGK465530
        53rkUb6Ek9Qdc6KJ2GxY/ZFVFQWgcM7fwDN1EHWBK8O8daRf69Ew3wUODruVxHj1
        EM7BhGFJog0lDQU3cWtj0U601UwGYirGcXt1ysTG0eVy5vOtx8sLsRfaZJJeanjt
        T493/oGo2FGsTS214wA1I4LQwTHC+CQ3
        -----END CERTIFICATE-----
      expires: 2025-11-04T09:11:16Z
      last-activity: 2025-09-04T09:11:16Z

Retrieve the state of an acme services

When certificates are requested variables may be used in the names leaf. Variables are expanded at certificate request time.

The following system-defined variables are available:

  • SYS_DNS_ZONES Available if the tenant has configured DNS zones. This is an array of the DNS zones defined for the tenant. The domain of a specific named zone is accessed with the syntax ${SYS_DNS_ZONES[name]}. A zone named default is always available, and contains the default domain for this tenant. It is accessed using ${SYS_DNS_ZONES[default]}.
  • SYS_GLOBAL_DOMAIN Contains the name of the top level domain used by all sites in the environment.
  • SYS_SITE Contains the name of the site where the certificate is generated.
  • SYS_SITE_LABELS This is an array of all labels defined on the site. The value of a specific label is accessed with the syntax ${SYS_SITE_LABELS[label]}. If the label has multiple values, it expands to a comma-separated string of these values. It is an error if no label is given, or if the label doesn't exist.
  • SYS_TENANT Contains the name of the tenant.

Auto-acme-certs generated for an application also has these variables available:

  • SYS_APP Contains the name of the application.
  • SYS_SERVICE Contains the name of the application service.

A service will get assigned a DNS name following this pattern

${SYS_SERVICE}.${SYS_APP}.${SYS_TENANT}.${SYS_SITE}.${SYS_GLOBAL_DOMAIN}

SecurityaccessToken
Request
path Parameters
acme-services-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

query Parameters
fields
string

Retrieve only requested fields from the resource

See section fields

where
string

Retrieve only items matching the given expression.

See section where

site
string

Send the request to the specfifed site

content
string <enumeration>

Filter descendant nodes in the response

Enum: "config" "nonconfig"
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

get/v1/state/strongbox/acme-services/{acme-services-name}
Response samples 
name: letsencrypt
directory-url: https://acme-staging-v02.api.letsencrypt.org/directory
account-url: https://acme-staging-v02.api.letsencrypt.org/acme/acct/12345678
contact-email: joe@acme.com
use-root-ca-certs: true
server-name-indication: acme
api-ca-cert: |
  -----BEGIN CERTIFICATE-----
  MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
  a3ViZUNBMB4XDTIxMDkyNjA4NTE1NloXDTMxMDkyNTA4NTE1NlowFTETMBEGA1UE
  AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPj
  RABeQOTAY9Vj4IORJ1oeAdHCXRvu6sLWokuX0rZuKj80YIJSiqXOsh2Djp8aD1fG
  EU89+fJNVV/3Ba5pe9NODbp597xAs/wpzmlurM/O99czoOxNsfd6pu0KpsRZgzBv
  UXzc9offqfr+bbFBrb6VD0fZ8q5ZJ+BupQcdc46/pm31AEG3MfmGv0jVU4d/RZTm
  +s4vrjrCEb255XTdWFHMi/bKMRNKRCoTHVAi01FbdHEivzVlFzObgp+UbldZf1v9
  GvqXzSmXLX87nn4Fa3JroPhNCajYiJikEBV5hIAe6RpGg42zr8GDrDj0e5CvpTOu
  F8leq8hjEvknEk3XQBECAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW
  MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
  BBTBXYN94F5bU0shR57gmFiNtyRahDANBgkqhkiG9w0BAQsFAAOCAQEAl9mr8t+M
  FCAsn2ZIuILwZeiOhNXqyftFR2la47jJmYFtV6FZwMG7zNWOZlXYKrfw8mrRsaAB
  a2OvItNipywU54mJaN4OV9PuOadz3KjB3sZ78yXsteXgH3+TxNOwe4LW1mxeyxdL
  2JBCPmgrAt0VqekN1q0RRFyI/5JkU6Q+y1rpFV+cLvJGnX47Icgbgf/BGM4Bo30q
  1U0iTWrfcVUNQwpYtbHYPnbDD3F8E4FuX+G8J2QNgjHXGKHdCkM/s9IBKr/SLgiM
  kv/++NI+D3yABup4kHRnAWPLxAsBVB/v4p8o6yLB3jwIDxHwC3LU4tyQ2n3a/RFR
  ceaTK5VvI8G+xg==
  -----END CERTIFICATE-----
tls-verify: true
renew-threshold: 30d
directory:
  revokeCert: https://192.168.100.3:14000/revoke-cert
  renewalInfo: https://192.168.100.3:14000/draft-ietf-acme-ari-03/renewalInfo
  newOrder: https://192.168.100.3:14000/order-plz
  newNonce: https://192.168.100.3:14000/nonce-plz
  newAccount: https://192.168.100.3:14000/sign-me-up
  keyChange: https://192.168.100.3:14000/rollover-account-key
  meta: |
    #{<<"externalAccountRequired">> => false,
      <<"profiles">> =>
          #{<<"default">> => <<"The profile you know and love">>,
            <<"shortlived">> =>
                <<"A short-lived cert profile, without actual enforcement">>},
      <<"termsOfService">> => <<"data:text/plain,Do%20what%20thou%20wilt">>}
requests:
  - names: foo.site.test,bar.site.test
    order-url: https://192.168.100.99:14000/my-order/Jr5JGsTS2XS8KYSUEHowiEtlZ_XN7byP1PUO5a9LS5g
    status: done
    error: failed
    cert: |
      -----BEGIN CERTIFICATE-----
      MIICpjCCAY6gAwIBAgIIWI130MIm9bcwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UE
      AxMdUGViYmxlIEludGVybWVkaWF0ZSBDQSAyNDBlZTIwHhcNMjUwOTA0MDkxMTE2
      WhcNMjUxMjAzMDkxMTE1WjAAMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB5u6x
      arBQ0tb8mFwChKP/DZKNGySFDGNvUuIiRhOkPCVJ30V9ZjQsj/3eQLTblnG1iI3H
      Xlxq8Ibd/G1HAwGz9fkBOXQTshMDh4gRGF4MYCYK8gnJLCpr6muXz+nfE6Whlwz5
      R6hLaqtTySaJTz0+fWXBp6zz4OvEEroTX73JqkvNHkGjgYMwgYAwDgYDVR0PAQH/
      BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0j
      BBgwFoAUspPoIrWxIyPyh5akMsudiMHsVeQwKgYDVR0RAQH/BCAwHoINZm9vLnNp
      dGUudGVzdIINYmFyLnNpdGUudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAVQFrU8B6
      dY5xrEN160J4Pi7fPlFTq3PYkjmVjtivtUSzsWIZ/QKmzvq3ix/rv15jDlFOlpxI
      +xRbFFyi2LYlaKewdI9sy145g3w8uJiIoOQAAJAVo/qj5xo9obo/4Po6IOZKkG6Q
      5vNBQ+eJFgEU+Ld8baXFz3ZHiGNYXiwe2hBncOzncAtx5CgyDi5FWJAcLiFsrFdZ
      eE+O+uVHl6UjbmnoM0gDjr9piGJBUkzhd66eid7926OsllssgnT0wqUZuvTJYEf9
      zGXFLOH39moOp6cRW/RcKD2310+u4d9poiDC2y2ouTaBTdSZzw7f22jeYAzI20Er
      cfJy3hjTqtU2/Q==
      -----END CERTIFICATE-----
    chain: |
      -----BEGIN CERTIFICATE-----
      MIIDRDCCAiygAwIBAgIIfylekM6uAAUwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
      AxMVUGViYmxlIFJvb3QgQ0EgN2I3NzY5MCAXDTI1MDkwNDA5MTA0MVoYDzIwNTUw
      OTA0MDkxMDQxWjAoMSYwJAYDVQQDEx1QZWJibGUgSW50ZXJtZWRpYXRlIENBIDI0
      MGVlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAkFwEe3L1hYfCc
      lJ3pQsm67CASqo9gRGC9nHjhx1/ZbaFbFspiru/IFx6Rj5KKEQCU+htwNKKkyfWP
      H0ijy/s1Y7MbqnlJhPSHQK/UYAdxBLgmMACH2F+/plMRVmtQDgjHoep42DJFlf15
      y8bP6GURIR+62mkdx74FiLG9eqjUy+USJ5F28rTbUE/cTmPmTxT+/o47drfUtk5I
      ksnmqyzataEy69FpiReQm9yEo5wbUf4Y+7fs6ttSHJRK7U5TCBqhssJhHQQUQe82
      DbhIylcbdnIAtQR+php8RCBY95KE1TrBmMJ7w9dLq4ubj5BstN28uLwQCOK4p52E
      dTgefxECAwEAAaN4MHYwDgYDVR0PAQH/BAQDAgKEMBMGA1UdJQQMMAoGCCsGAQUF
      BwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLKT6CK1sSMj8oeWpDLLnYjB
      7FXkMB8GA1UdIwQYMBaAFKASKyrf4F3becf7x+rNkWcrQixXMA0GCSqGSIb3DQEB
      CwUAA4IBAQBCZ4/f1/OSOxotcMLqt1IO0VkgZhWg85xMKONTb0k8nCoDTZ33p/6e
      5MvXsMkqxPHkFMzpjQkw5xTD7qDUoVQvR5+/ph/trKmooPrGhb3mFkzmoFyOs4j9
      CpqouFxY0PTBf5cXl76G8z1AZZo7pr4WzP9dEpZHCN+boGVDfKSvD0iXGK465530
      53rkUb6Ek9Qdc6KJ2GxY/ZFVFQWgcM7fwDN1EHWBK8O8daRf69Ew3wUODruVxHj1
      EM7BhGFJog0lDQU3cWtj0U601UwGYirGcXt1ysTG0eVy5vOtx8sLsRfaZJJeanjt
      T493/oGo2FGsTS214wA1I4LQwTHC+CQ3
      -----END CERTIFICATE-----
    expires: 2025-11-04T09:11:16Z
    last-activity: 2025-09-04T09:11:16Z

Invoke the request-cert operation

SecurityaccessToken
Request
path Parameters
acme-services-name
required
string <name> ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$

Name of ACME client service instance.

query Parameters
site
string

Send the request to the specfifed site

Request Body schema:
names
required
Array of strings

Request a certificate with the following alt-names.

wait
string <duration>
Default: "30s"

A duration in years, days, hours, minutes and seconds.

Format is [<digits>y][<digits>d][<digits>m][<digits>s].

Examples: 1y2d5h, 5h or 10m30s

Time to wait for the request to go through.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/acme-services/{acme-services-name}/request-cert
Request samples 
names:
  - foo.acme.com
  - bar.acme.com
wait: 30s
Response samples 
status: done
error: none
cert: |
  -----BEGIN CERTIFICATE-----
  MIICpjCCAY6gAwIBAgIIWI130MIm9bcwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UE
  AxMdUGViYmxlIEludGVybWVkaWF0ZSBDQSAyNDBlZTIwHhcNMjUwOTA0MDkxMTE2
  WhcNMjUxMjAzMDkxMTE1WjAAMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB5u6x
  arBQ0tb8mFwChKP/DZKNGySFDGNvUuIiRhOkPCVJ30V9ZjQsj/3eQLTblnG1iI3H
  Xlxq8Ibd/G1HAwGz9fkBOXQTshMDh4gRGF4MYCYK8gnJLCpr6muXz+nfE6Whlwz5
  R6hLaqtTySaJTz0+fWXBp6zz4OvEEroTX73JqkvNHkGjgYMwgYAwDgYDVR0PAQH/
  BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0j
  BBgwFoAUspPoIrWxIyPyh5akMsudiMHsVeQwKgYDVR0RAQH/BCAwHoINZm9vLnNp
  dGUudGVzdIINYmFyLnNpdGUudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAVQFrU8B6
  dY5xrEN160J4Pi7fPlFTq3PYkjmVjtivtUSzsWIZ/QKmzvq3ix/rv15jDlFOlpxI
  +xRbFFyi2LYlaKewdI9sy145g3w8uJiIoOQAAJAVo/qj5xo9obo/4Po6IOZKkG6Q
  5vNBQ+eJFgEU+Ld8baXFz3ZHiGNYXiwe2hBncOzncAtx5CgyDi5FWJAcLiFsrFdZ
  eE+O+uVHl6UjbmnoM0gDjr9piGJBUkzhd66eid7926OsllssgnT0wqUZuvTJYEf9
  zGXFLOH39moOp6cRW/RcKD2310+u4d9poiDC2y2ouTaBTdSZzw7f22jeYAzI20Er
  cfJy3hjTqtU2/Q==
  -----END CERTIFICATE-----
private-key: |
  -----BEGIN OPENSSH PRIVATE KEY-----
  b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
  1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQApJLS0bfVuwp7QBdIwHp5BHUbME8g
  ctpTUkwN89ohHkLBv/vrw+mnzeo+zgzr25fecpDV2guLLdQ46RZiHJeI9C0ACg5XvV9g6T
  5DnynZrVB7vZEDg56vUPAciPAl61c0n7U558SPAAZzyOjycwu5s3gprc/Usrh8gFzs2j0C
  GO531RMAAAEAD4hlXw+IZV8AAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
  AAAIUEAKSS0tG31bsKe0AXSMB6eQR1GzBPIHLaU1JMDfPaIR5Cwb/768Ppp83qPs4M69uX
  3nKQ1doLiy3UOOkWYhyXiPQtAAoOV71fYOk+Q58p2a1Qe72RA4Oer1DwHIjwJetXNJ+1Oe
  fEjwAGc8jo8nMLubN4Ka3P1LK4fIBc7No9Ahjud9UTAAAAQRixUumLl0HFS3r19GQQJmJl
  +ZyhYXUcG+B8C9zs6yM+BQ2fG3g3FHJM9fkQ/+/8QbHqD8pU3oWZwg3aitp0uZ+mAAAAAA
  ECAw==
  -----END OPENSSH PRIVATE KEY-----
chain: |
  -----BEGIN CERTIFICATE-----
  MIIDRDCCAiygAwIBAgIIfylekM6uAAUwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
  AxMVUGViYmxlIFJvb3QgQ0EgN2I3NzY5MCAXDTI1MDkwNDA5MTA0MVoYDzIwNTUw
  OTA0MDkxMDQxWjAoMSYwJAYDVQQDEx1QZWJibGUgSW50ZXJtZWRpYXRlIENBIDI0
  MGVlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAkFwEe3L1hYfCc
  lJ3pQsm67CASqo9gRGC9nHjhx1/ZbaFbFspiru/IFx6Rj5KKEQCU+htwNKKkyfWP
  H0ijy/s1Y7MbqnlJhPSHQK/UYAdxBLgmMACH2F+/plMRVmtQDgjHoep42DJFlf15
  y8bP6GURIR+62mkdx74FiLG9eqjUy+USJ5F28rTbUE/cTmPmTxT+/o47drfUtk5I
  ksnmqyzataEy69FpiReQm9yEo5wbUf4Y+7fs6ttSHJRK7U5TCBqhssJhHQQUQe82
  DbhIylcbdnIAtQR+php8RCBY95KE1TrBmMJ7w9dLq4ubj5BstN28uLwQCOK4p52E
  dTgefxECAwEAAaN4MHYwDgYDVR0PAQH/BAQDAgKEMBMGA1UdJQQMMAoGCCsGAQUF
  BwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLKT6CK1sSMj8oeWpDLLnYjB
  7FXkMB8GA1UdIwQYMBaAFKASKyrf4F3becf7x+rNkWcrQixXMA0GCSqGSIb3DQEB
  CwUAA4IBAQBCZ4/f1/OSOxotcMLqt1IO0VkgZhWg85xMKONTb0k8nCoDTZ33p/6e
  5MvXsMkqxPHkFMzpjQkw5xTD7qDUoVQvR5+/ph/trKmooPrGhb3mFkzmoFyOs4j9
  CpqouFxY0PTBf5cXl76G8z1AZZo7pr4WzP9dEpZHCN+boGVDfKSvD0iXGK465530
  53rkUb6Ek9Qdc6KJ2GxY/ZFVFQWgcM7fwDN1EHWBK8O8daRf69Ew3wUODruVxHj1
  EM7BhGFJog0lDQU3cWtj0U601UwGYirGcXt1ysTG0eVy5vOtx8sLsRfaZJJeanjt
  T493/oGo2FGsTS214wA1I4LQwTHC+CQ3
  -----END CERTIFICATE-----
expires: 2027-01-27T09:57:48.000000Z
➔ Next to Approle