Certificates API
- Certificate attributes
- List certificates
- Retrieve a certificate
- Download a certificate
- Retrieve a certificate private key
- Let’s Encrypt: Order a certificate
- Let’s Encrypt: Issue a certificate
- Let’s Encrypt: Order a certificate renewal
- Let’s Encrypt: Issue a certificate renewal
Certificate attributes
Please refer to the definition of the Certificate data type in our OpenAPI documentation.
List certificates
GET /:account/domains/:domain/certificates
List the certificates for a domain in the account.
Parameters
| Name | Type | Description |
|---|---|---|
:account |
integer |
The account id |
:domain |
string, integer
|
The domain name or id |
Sorting
For general information about sorting, please refer to the main guide.
| Name | Description |
|---|---|
id |
Sort by ID |
common_name |
Sort by common name |
expiration |
Sort by expiration date |
The default sorting policy is by descending id.
Example
List all certificates for the domain dnsimple.us in the account 1010:
curl -H 'Authorization: Bearer <token>' \
-H 'Accept: application/json' \
https://api.dnsimple.com/v2/1010/domains/dnsimple.us/certificates
Response
Responds with HTTP 200 on success.
{
"data": [
{
"id": 101973,
"domain_id": 14279,
"contact_id": 11435,
"name": "www2",
"common_name": "www2.dnsimple.us",
"years": 1,
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYDCCAUgCAQAwGzEZMBcGA1UEAwwQd3d3Mi5kbnNpbXBsZS51czCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMjXrephLTu7OKVQ6F3LhmLkL6NL3ier\n1qaWPtJBbkBuzJIn8gmSG+6xGmywB6GKvP2IVkPQhPBpfc8wsTd26rbSBHnRIQal\ntk+W4aQZyIeXFARY+cRvpjeAtmpX0vwZkDMoEyhFomBfGxVfx6tSqdGlR88/x0By\ny5u7+xwkY+4jMt+wZi+wpXsScumB6DAC1PTYRvNFQy7Gcjqrc3EdzPsn3c9kLCNO\n3GCPJoWmT5Rtyd7FxjJiSIf7BDOi12BnblpSLwGvtu6Wrl+u9LJLj8zeCACwUiQG\nuvnP2lAl2YacNAgpql6C2eEnFjIub7Ul1QMUImQSDVy5dMd/UGQrOb0CAwEAAaAA\nMA0GCSqGSIb3DQEBCwUAA4IBAQA8oVxOrZCGeSFmKpNV4oilzPOepTVSWxXa19T7\nzD/azh6j6RBLZPpG4TFbpvjecum+1V7Y8ypIcwhRtlh5/zSbfJkjJsdCdZU9XZat\nT5YkOaxuCUCDajpRiyyKhHvrloTPKPXe5ygCq/Q23xm//VrXKArLSWVB9qWS6gDV\nk0y3/mIlTQ3mTgfYQySc3MPXvIgUoqmB8Ajfq1n3hSLgb1/OoKNfeVEWsON116cq\nbXvl63+XzPubj6KWZXZH/jhrs53fuLq3xyeeuOaPrn+2VceBVt4DCC9n0JS5wepl\nHDoVxtWTTNeJdP5xFB5V1KI+D4FEFBUGnQABEvajpU3vljh3\n-----END CERTIFICATE REQUEST-----\n",
"state": "issued",
"auto_renew": false,
"alternate_names": [
],
"authority_identifier": "letsencrypt",
"created_at": "2020-06-18T20:15:09Z",
"updated_at": "2020-06-18T20:30:08Z",
"expires_at": "2020-09-16T19:30:07Z",
"expires_on": "2020-09-16"
},
{
"id": 101969,
"domain_id": 14279,
"contact_id": 11435,
"name": "www",
"common_name": "www.dnsimple.us",
"years": 1,
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICmTCCAYECAQAwGjEYMBYGA1UEAwwPd3d3LmRuc2ltcGxlLnVzMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rVs1z42xmPj6KdE++D182/wyMH1GG4p\nESK99FQbMimjOvYcidFTySKpSvEv5Dhmj5fb79vogBuCZQetm5Es37Gboc+D02SO\n48uE8LisuYhx1yBKryXSYnVaWz9oxEuVLtf+aq/Yt1HTu3/zzMWKPRN79OmYgWnl\n03ISfDmgzxqViYPIAObge8nB5TzlQbDV9W9eQWs12IYg4pfI+b+c9VrnMYjdz2Lk\nEhIYThIQRSi5IfNbDu8YiG87V0bTtzeT6lq2Lh3+IkyhBkF10xaivnwac1MfK/25\ntZg2PYCzG56Bf3xTtjo5P0Eb7LlBZLlwLs3hXvlU0eV2LAWm38v3wwIDAQABoDow\nOAYJKoZIhvcNAQkOMSswKTAnBgNVHREEIDAeggtkbnNpbXBsZS51c4IPd3d3LmRu\nc2ltcGxlLnVzMA0GCSqGSIb3DQEBCwUAA4IBAQBiYQ5/Dp2JML1UgYmUNqfOfKKV\nZS9HiX1OcR6bkHHIEzDV1iqDdZ/0Uqr7p6rmLkVIaDWUdano2jtMEIRGC1c8q9bH\nRlzubdyYXbBGE+iGho5crzu5Hwit3Z3J2C6f28NvfqN5Ume3jLr90qbG+1HULsUF\nR3tCKTzvvs4QAKXbo+eEafDNFToGzd0cxpesdlzu3zDu5rHfLz862QifmWZzN6JS\nj1/Q+TedS5EknTaOwGjm1od0zuD3YRJ+XzGq1G8MbuxYWXqaGQRo0TzZlYW6Ax1C\n9utnEQ5Uc+z9ejjZSv03p1VzO7bV7AOz3F40M3IfM8qQ4YMeXbGWJ98jrWDe\n-----END CERTIFICATE REQUEST-----\n",
"state": "issued",
"auto_renew": false,
"alternate_names": [
],
"authority_identifier": "letsencrypt",
"created_at": "2020-06-18T19:22:51Z",
"updated_at": "2020-06-18T19:40:13Z",
"expires_at": "2020-09-16T18:40:12Z",
"expires_on": "2020-09-16"
}
],
"pagination": {
"current_page": 1,
"per_page": 30,
"total_entries": 2,
"total_pages": 1
}
}
Errors
Responds with HTTP 401 in case of case of authentication issues.
Retrieve a certificate
GET /:account/domains/:domain/certificates/:certificate
Get the details of a certificate.
Parameters
| Name | Type | Description |
|---|---|---|
:account |
integer |
The account id |
:domain |
string, integer
|
The domain name or id |
:certificate |
integer |
The certificate id |
Example
Get the certificate with the ID 101967 in the domain bingo.pizza, in the account 1010:
curl -H 'Authorization: Bearer <token>' \
-H 'Accept: application/json' \
https://api.dnsimple.com/v2/1010/domains/bingo.pizza/certificates/101967
Response
Responds with HTTP 200 on success.
{
"data": {
"id": 101967,
"domain_id": 289333,
"contact_id": 2511,
"name": "www",
"common_name": "www.bingo.pizza",
"years": 1,
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICmTCCAYECAQAwGjEYMBYGA1UEAwwPd3d3LmJpbmdvLnBpenphMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4+KoZ9IDCK2o5qAQpi+Icu5kksmjQzx\n5o5g4B6XhRxhsfHlK/i3iU5hc8CONjyVv8j82835RNsiKrflnxGa9SH68vbQfcn4\nIpbMz9c+Eqv5h0Euqlc3A4DBzp0unEu5QAUhR6Xu1TZIWDPjhrBOGiszRlLQcp4F\nzy6fD6j5/d/ylpzTp5v54j+Ey31Bz86IaBPtSpHI+Qk87Hs8DVoWxZk/6RlAkyur\nXDGWnPu9n3RMfs9ag5anFhggLIhCNtVN4+0vpgPQ59pqwYo8TfdYzK7WSKeL7geu\nCqVE3bHAqU6dLtgHOZfTkLwGycUh4p9aawuc6fsXHHYDpIL8s3vAvwIDAQABoDow\nOAYJKoZIhvcNAQkOMSswKTAnBgNVHREEIDAeggtiaW5nby5waXp6YYIPd3d3LmJp\nbmdvLnBpenphMA0GCSqGSIb3DQEBCwUAA4IBAQBwOLKv+PO5hSJkgqS6wL/wRqLh\nQ1zbcHRHAjRjnpRz06cDvN3X3aPI+lpKSNFCI0A1oKJG7JNtgxX3Est66cuO8ESQ\nPIb6WWN7/xlVlBCe7ZkjAFgN6JurFdclwCp/NI5wBCwj1yb3Ar5QQMFIZOezIgTI\nAWkQSfCmgkB96d6QlDWgidYDDjcsXugQveOQRPlHr0TsElu47GakxZdJCFZU+WPM\nodQQf5SaqiIK2YaH1dWO//4KpTS9QoTy1+mmAa27apHcmz6X6+G5dvpHZ1qH14V0\nJoMWIK+39HRPq6mDo1UMVet/xFUUrG/H7/tFlYIDVbSpVlpVAFITd/eQkaW/\n-----END CERTIFICATE REQUEST-----\n",
"state": "issued",
"auto_renew": false,
"alternate_names": [
],
"authority_identifier": "letsencrypt",
"created_at": "2020-06-18T18:54:17Z",
"updated_at": "2020-06-18T19:10:14Z",
"expires_at": "2020-09-16T18:10:13Z",
"expires_on": "2020-09-16"
}
}
Errors
Responds with HTTP 401 in case of case of authentication issues.
Download a certificate
GET /:account/domains/:domain/certificates/:certificate/download
Get the PEM-encoded certificate, along with the root certificate and intermediate chain.
Parameters
| Name | Type | Description |
|---|---|---|
:account |
integer |
The account id |
:domain |
string, integer
|
The domain name or id |
:certificate |
integer |
The certificate id |
Example
Download the certificate with the ID 1 in the domain example.com, in the account 1010:
curl -H 'Authorization: Bearer <token>' \
-H 'Accept: application/json' \
https://api.dnsimple.com/v2/1010/domains/example.com/certificates/1/download
Response
Responds with HTTP 200 on success.
{
"data": {
"server": "-----BEGIN CERTIFICATE-----\nMIIE7TCCA9WgAwIBAgITAPpTe4O3vjuQ9L4gLsogi/ukujANBgkqhkiG9w0BAQsF\nADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjA2MTEx\nNzQ4MDBaFw0xNjA5MDkxNzQ4MDBaMBkxFzAVBgNVBAMTDnd3dy53ZXBwb3MubmV0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzCcMfWoQRt5AMEY0HUb\n2GaraL1GsWOo6YXdPfe+YDvtnmDw23NcoTX7VSeCgU9M3RKs19AsCJcRNTLJ2dmD\nrAuyCTud9YTAaXQcTOLUhtO8T8+9AFVIva2OmAlKCR5saBW3JaRxW7V2aHEd/d1s\ns1CvNOO7jNppc9NwGSnDHcn3rqNv/U3MaU0gpJJRqsKkvcLU6IHJGgxyQ6AbpwJD\nIqBnzkjHu2IuhGEbRuMjyWLA2qtsjyVlfPotDxUdVouUQpz7dGHUFrLR7ma8QAYu\nOfl1ZMyrc901HGMa7zwbnFWurs3fed7vAosTRZIjnn72/3Wo7L9RiMB+vwr3NX7c\n9QIDAQABo4ICIzCCAh8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF\nBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRh9q/3Zxbk4yA/\nt7j+8xA+rkiZBTAfBgNVHSMEGDAWgBTAzANGuVggzFxycPPhLssgpvVoOjB4Bggr\nBgEFBQcBAQRsMGowMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwLnN0Zy1pbnQteDEu\nbGV0c2VuY3J5cHQub3JnLzAzBggrBgEFBQcwAoYnaHR0cDovL2NlcnQuc3RnLWlu\ndC14MS5sZXRzZW5jcnlwdC5vcmcvMCUGA1UdEQQeMByCCndlcHBvcy5uZXSCDnd3\ndy53ZXBwb3MubmV0MIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLf\nEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcw\ngasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSBy\nZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3Jk\nYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6\nLy9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEB\nAEqMdWrmdIyQxthWsX3iHmM2h/wXwEesD0VIaA+Pq4mjwmKBkoPSmHGQ/O4v8RaK\nB6gl8v+qmvCwwqC1SkBmm+9C2yt/P6WhAiA/DD+WppYgJWfcz2lEKrgufFlHPukB\nDzE0mJDuXm09QTApWlaTZWYfWKY50T5uOT/rs+OwGFFCO/8o7v5AZRAHos6uzjvq\nAtFZj/FEnXXMjSSlQ7YKTXToVpnAYH4e3/UMsi6/O4orkVz82ZfhKwMWHV8dXlRw\ntQaemFWTjGPgSLXJAtQO30DgNJBHX/fJEaHv6Wy8TF3J0wOGpzGbOwaTX8YAmEzC\nlzzjs+clg5MN5rd1g4POJtU=\n-----END CERTIFICATE-----\n",
"root": null,
"chain": [
"-----BEGIN CERTIFICATE-----\nMIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw\nGjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2\nMDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0\n8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym\noLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0\nZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN\nxDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56\ndhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9\nAgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw\nHQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0\nBggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu\nY3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq\nhkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF\nUGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9\nAFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp\nDQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7\nIkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf\nzWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI\nPTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w\nSVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em\n2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0\nWzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt\nn5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=\n-----END CERTIFICATE-----"
]
}
}
Errors
Responds with HTTP 401 in case of case of authentication issues.
Responds with HTTP 428 if the certificate cannot be downloaded.
Retrieve a certificate private key
GET /:account/domains/:domain/certificates/:certificate/private_key
Get the PEM-encoded certificate private key.
Parameters
| Name | Type | Description |
|---|---|---|
:account |
integer |
The account id |
:domain |
string, integer
|
The domain name or id |
:certificate |
integer |
The certificate id |
Example
Download the certificate with the ID 1 in the domain example.com, in the account 1010:
curl -H 'Authorization: Bearer <token>' \
-H 'Accept: application/json' \
https://api.dnsimple.com/v2/1010/domains/example.com/certificates/1/private_key
Response
Responds with HTTP 200, renders the certificate private key.
{
"data": {
"private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAtzCcMfWoQRt5AMEY0HUb2GaraL1GsWOo6YXdPfe+YDvtnmDw\n23NcoTX7VSeCgU9M3RKs19AsCJcRNTLJ2dmDrAuyCTud9YTAaXQcTOLUhtO8T8+9\nAFVIva2OmAlKCR5saBW3JaRxW7V2aHEd/d1ss1CvNOO7jNppc9NwGSnDHcn3rqNv\n/U3MaU0gpJJRqsKkvcLU6IHJGgxyQ6AbpwJDIqBnzkjHu2IuhGEbRuMjyWLA2qts\njyVlfPotDxUdVouUQpz7dGHUFrLR7ma8QAYuOfl1ZMyrc901HGMa7zwbnFWurs3f\ned7vAosTRZIjnn72/3Wo7L9RiMB+vwr3NX7c9QIDAQABAoIBAEQx32OlzK34GTKT\nr7Yicmw7xEGofIGa1Q2h3Lut13whsxKLif5X0rrcyqRnoeibacS+qXXrJolIG4rP\nTl8/3wmUDQHs5J+6fJqFM+fXZUCP4AFiFzzhgsPBsVyd0KbWYYrZ0qU7s0ttoRe+\nTGjuHgIe3ip1QKNtx2Xr50YmytDydknmro79J5Gfrub1l2iA8SDm1eBrQ4SFaNQ2\nU709pHeSwX8pTihUX2Zy0ifpr0O1wYQjGLneMoG4rrNQJG/z6iUdhYczwwt1kDRQ\n4WkM2sovFOyxbBfoCQ3Gy/eem7OXfjNKUe47DAVLnPkKbqL/3Lo9FD7kcB8K87Ap\nr/vYrl0CgYEA413RAk7571w5dM+VftrdbFZ+Yi1OPhUshlPSehavro8kMGDEG5Ts\n74wEz2X3cfMxauMpMrBk/XnUCZ20AnWQClK73RB5fzPw5XNv473Tt/AFmt7eLOzl\nOcYrhpEHegtsD/ZaljlGtPqsjQAL9Ijhao03m1cGB1+uxI7FgacdckcCgYEAzkKP\n6xu9+WqOol73cnlYPS3sSZssyUF+eqWSzq2YJGRmfr1fbdtHqAS1ZbyC5fZVNZYV\nml1vfXi2LDcU0qS04JazurVyQr2rJZMTlCWVET1vhik7Y87wgCkLwKpbwamPDmlI\n9GY+fLNEa4yfAOOpvpTJpenUScxyKWH2cdYFOOMCgYBhrJnvffINC/d64Pp+BpP8\nyKN+lav5K6t3AWd4H2rVeJS5W7ijiLTIq8QdPNayUyE1o+S8695WrhGTF/aO3+ZD\nKQufikZHiQ7B43d7xL7BVBF0WK3lateGnEVyh7dIjMOdj92Wj4B6mv2pjQ2VvX/p\nAEWVLCtg24/+zL64VgxmXQKBgGosyXj1Zu2ldJcQ28AJxup3YVLilkNje4AXC2No\n6RCSvlAvm5gpcNGE2vvr9lX6YBKdl7FGt8WXBe/sysNEFfgmm45ZKOBCUn+dHk78\nqaeeQHKHdxMBy7utZWdgSqt+ZS299NgaacA3Z9kVIiSLDS4V2VeW7riujXXP/9TJ\nnxaRAoGBAMWXOfNVzfTyrKff6gvDWH+hqNICLyzvkEn2utNY9Q6WwqGuY9fvP/4Z\nXzc48AOBzUr8OeA4sHKJ79sJirOiWHNfD1swtvyVzsFZb6moiNwD3Ce/FzYCa3lQ\nU8blTH/uqpR2pSC6whzJ/lnSdqHUqhyp00000000000000000000\n-----END RSA PRIVATE KEY-----\n"
}
}
Errors
Responds with HTTP 401 in case of case of authentication issues.
Responds with HTTP 428 if the private key cannot be downloaded.
Let’s Encrypt: Order a certificate
This endpoint is currently in Public Preview. During the Preview, period changes may occur at any time.
Consider using our official clients to reduce the likelihood of breaking changes. If you are using or planning to use this endpoint we'd like to hear your feedback.
POST /:account/domains/:domain/certificates/letsencrypt
Purchase a Let’s Encrypt certificate with DNSimple.
The certificate itself is free, but some features of the certificate may require higher tier plans.
The domain must be delegated to DNSimple.
Certificate name
The default certificate name is www and covers both the root domain (e.g. example.com) and the www subdomain (e.g. www.example.com).
You can choose a custom name (like api), which is valid only for https://api.example.com.
Custom names require a subscription to a Professional or Enterprise plan.
Alternate names
A certificate can be purchased for multiple subdomains. We call them alternate names or Subject Alternative Name (SAN).
By default, a certificate doesn’t have alternate names.
You can purchase a single certificate for both https://docs.example.com and https://status.example.com, alongside https://example.com.
Alternate names require a subscription to a Professional or Enterprise plan.
Wildcard certificates
To request a wildcard certificate that’s valid for an unlimited number of names that belong to a single subdomain level, use * (e.g. *.example.com).
Let’s Encrypt wildcard certificates is a feature that is only available to the Professional or Enterprise plans. If the feature is not enabled, you will receive an HTTP 412 response code.
Auto renewal
By default, a certificate isn’t auto-renewed when it expires.
Certificates with auto-renewal disabled may be renewed manually.
You may also purchase the certificate once and select the auto-renewal option. With auto-renewal enabled, our system automatically renews a certificate before it expires. Notifications for renewed certificates are sent via email, and a webhook is fired when a new certificate is available. You’ll still have to install the renewed certificate.
Signature algorithm
By default, a certificate uses ECDSA signature algorithm, but RSA can be used as well if your specific scenario required it.
Parameters
| Name | Type | Description |
|---|---|---|
:account |
integer |
The account id |
:domain |
string, integer
|
The domain name or id |
Example
Purchase a Let’s Encrypt certificate for bingo.pizza in the account 1010:
curl -H 'Authorization: Bearer <token>' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-X POST \
-d '<json>' \
https://api.dnsimple.com/v2/1010/domains/bingo.pizza/certificates/letsencrypt
Input
| Name | Type | Description |
|---|---|---|
auto_renew |
bool |
Set to true to enable the auto-renewal of the certificate. Default: false. |
name |
string |
The certificate name. Default: "www". |
alternate_names |
array<string> |
The certificate alternate names. Default: []. Example: ["docs.example.com", "status.example.com"]
|
signature_algorithm |
string |
Optional string to determine the signature algorithm to be used. Either ECDSA or RSA, defaults to ECDSA. |
Response
Responds with HTTP 201 on success.
{
"data": {
"id": 101967,
"certificate_id": 101967,
"state": "new",
"auto_renew": false,
"created_at": "2020-06-18T18:54:17Z",
"updated_at": "2020-06-18T18:54:17Z"
}
}
Errors
Responds with HTTP 400 if the certificate cannot be ordered.
Responds with HTTP 401 in case of case of authentication issues.
Responds with HTTP 412 if the account cannot order this certificate type.
Let’s Encrypt: Issue a certificate
This endpoint is currently in Public Preview. During the Preview, period changes may occur at any time.
Consider using our official clients to reduce the likelihood of breaking changes. If you are using or planning to use this endpoint we'd like to hear your feedback.
POST /:account/domains/:domain/certificates/letsencrypt/:certificate/issue
Issue a Let’s Encrypt certificate purchased with DNSimple.
Parameters
| Name | Type | Description |
|---|---|---|
:account |
integer |
The account id |
:domain |
string, integer
|
The domain name or id |
:certificate |
integer |
The certificate id |
Example
Issue a Let’s Encrypt certificate with ID 101967, for bingo.pizza in the account 1010:
curl -H 'Authorization: Bearer <token>' \
-H 'Accept: application/json' \
-X POST \
https://api.dnsimple.com/v2/1010/domains/bingo.pizza/certificates/letsencrypt/101967/issue
Response
Responds with HTTP 202 on success.
{
"data": {
"id": 101967,
"domain_id": 289333,
"contact_id": 2511,
"name": "www",
"common_name": "www.bingo.pizza",
"years": 1,
"csr": null,
"state": "requesting",
"auto_renew": false,
"alternate_names": [
],
"authority_identifier": "letsencrypt",
"created_at": "2020-06-18T18:54:17Z",
"updated_at": "2020-06-18T18:56:20Z",
"expires_at": null,
"expires_on": null
}
}
The certificate will be in state requesting, and it can’t be downloaded until issued by Let’s Encrypt.
You can subscribe to a webhook to receive a notification when the certificate is issued.
Errors
Responds with HTTP 400 if the certificate cannot be issued.
Responds with HTTP 401 in case of case of authentication issues.
Responds with HTTP 412 if the account cannot issue this certificate type.
Let’s Encrypt: Order a certificate renewal
This endpoint is currently in Public Preview. During the Preview, period changes may occur at any time.
Consider using our official clients to reduce the likelihood of breaking changes. If you are using or planning to use this endpoint we'd like to hear your feedback.
POST /:account/domains/:domain/certificates/letsencrypt/:certificate/renewals
Renew a Let’s Encrypt certificate purchased with DNSimple.
You must renew a certificate only if it does NOT use the auto renewal feature.
You can always enable or disable auto renewal when renewing a certificate.
Signature algorithm
By default, a certificate uses ECDSA signature algorithm, but RSA can be used as well if your specific scenario required it.
Parameters
| Name | Type | Description |
|---|---|---|
:account |
integer |
The account id |
:domain |
string, integer
|
The domain name or id |
:certificate |
integer |
The certificate id |
Example
Renew a Let’s Encrypt certificate with ID 101967 for bingo.pizza in the account 1010:
curl -H 'Authorization: Bearer <token>' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-X POST \
-d '<json>' \
https://api.dnsimple.com/v2/1010/domains/bingo.pizza/certificates/letsencrypt/101967/renewals
Input
| Name | Type | Description |
|---|---|---|
auto_renew |
bool |
Set to true to enable the auto-renewal of the certificate. Default: false. |
signature_algorithm |
string |
Optional string to determine the signature algorithm to be used. Either ECDSA or RSA, defaults to ECDSA. |
Response
Responds with HTTP 201 on success.
{
"data": {
"id": 65082,
"old_certificate_id": 101967,
"new_certificate_id": 101972,
"state": "new",
"auto_renew": false,
"created_at": "2020-06-18T19:56:20Z",
"updated_at": "2020-06-18T19:56:20Z"
}
}
Errors
Responds with HTTP 400 if the certificate renewal cannot be ordered.
Responds with HTTP 401 in case of case of authentication issues.
Responds with HTTP 412 if the account cannot renew this certificate type.
Let’s Encrypt: Issue a certificate renewal
This endpoint is currently in Public Preview. During the Preview, period changes may occur at any time.
Consider using our official clients to reduce the likelihood of breaking changes. If you are using or planning to use this endpoint we'd like to hear your feedback.
POST /:account/domains/:domain/certificates/letsencrypt/:certificate/renewals/:certificate_renewal/issue
Issue a Let’s Encrypt certificate renewed with DNSimple.
Parameters
| Name | Type | Description |
|---|---|---|
:account |
integer |
The account id |
:domain |
string, integer
|
The domain name or id |
:certificate |
integer |
The certificate id |
:certificate_renewal |
integer |
The certificate renewal id |
The :certificate_renewal ID is the one returned by the renewal.
Example
Issue a Let’s Encrypt certificate renewal with ID 65082, for the certificate 101967, for bingo.pizza in the account 1010:
curl -H 'Authorization: Bearer <token>' \
-H 'Accept: application/json' \
-X POST \
https://api.dnsimple.com/v2/1010/domains/example.com/certificates/letsencrypt/101967/renewals/65082/issue
Response
Responds with HTTP 202 on success.
{
"data": {
"id": 101972,
"domain_id": 289333,
"contact_id": 2511,
"name": "www",
"common_name": "www.bingo.pizza",
"years": 1,
"csr": null,
"state": "requesting",
"auto_renew": false,
"alternate_names": [
],
"authority_identifier": "letsencrypt",
"created_at": "2020-06-18T19:56:20Z",
"updated_at": "2020-06-18T20:05:26Z",
"expires_at": null,
"expires_on": null
}
}
The certificate will be in state requesting, and it can’t be downloaded until issued by Let’s Encrypt.
You can subscribe to a webhook to be notified once the certificate is issued.
Errors
Responds with HTTP 400 if the certificate renewal cannot be issued.
Responds with HTTP 401 in case of case of authentication issues.
Responds with HTTP 412 if the account cannot issue this certificate type.