Certificates API

Certificate attributes

Please refer to the definition of the Certificate data type in our OpenAPI documentation.

List certificates

GET /:account/domains/:domain/certificates

List the certificates for a domain in the account.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id

Sorting

For general information about sorting, please refer to the main guide.

Name Description
id Sort by ID
common_name Sort by common name
expiration Sort by expiration date

The default sorting policy is by descending id.

Example

List all certificates for the domain dnsimple.us in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      https://api.dnsimple.com/v2/1010/domains/dnsimple.us/certificates

Response

Responds with HTTP 200 on success.

{
  "data": [
    {
      "id": 101973,
      "domain_id": 14279,
      "contact_id": 11435,
      "name": "www2",
      "common_name": "www2.dnsimple.us",
      "years": 1,
      "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYDCCAUgCAQAwGzEZMBcGA1UEAwwQd3d3Mi5kbnNpbXBsZS51czCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMjXrephLTu7OKVQ6F3LhmLkL6NL3ier\n1qaWPtJBbkBuzJIn8gmSG+6xGmywB6GKvP2IVkPQhPBpfc8wsTd26rbSBHnRIQal\ntk+W4aQZyIeXFARY+cRvpjeAtmpX0vwZkDMoEyhFomBfGxVfx6tSqdGlR88/x0By\ny5u7+xwkY+4jMt+wZi+wpXsScumB6DAC1PTYRvNFQy7Gcjqrc3EdzPsn3c9kLCNO\n3GCPJoWmT5Rtyd7FxjJiSIf7BDOi12BnblpSLwGvtu6Wrl+u9LJLj8zeCACwUiQG\nuvnP2lAl2YacNAgpql6C2eEnFjIub7Ul1QMUImQSDVy5dMd/UGQrOb0CAwEAAaAA\nMA0GCSqGSIb3DQEBCwUAA4IBAQA8oVxOrZCGeSFmKpNV4oilzPOepTVSWxXa19T7\nzD/azh6j6RBLZPpG4TFbpvjecum+1V7Y8ypIcwhRtlh5/zSbfJkjJsdCdZU9XZat\nT5YkOaxuCUCDajpRiyyKhHvrloTPKPXe5ygCq/Q23xm//VrXKArLSWVB9qWS6gDV\nk0y3/mIlTQ3mTgfYQySc3MPXvIgUoqmB8Ajfq1n3hSLgb1/OoKNfeVEWsON116cq\nbXvl63+XzPubj6KWZXZH/jhrs53fuLq3xyeeuOaPrn+2VceBVt4DCC9n0JS5wepl\nHDoVxtWTTNeJdP5xFB5V1KI+D4FEFBUGnQABEvajpU3vljh3\n-----END CERTIFICATE REQUEST-----\n",
      "state": "issued",
      "auto_renew": false,
      "alternate_names": [

      ],
      "authority_identifier": "letsencrypt",
      "created_at": "2020-06-18T20:15:09Z",
      "updated_at": "2020-06-18T20:30:08Z",
      "expires_at": "2020-09-16T19:30:07Z",
      "expires_on": "2020-09-16"
    },
    {
      "id": 101969,
      "domain_id": 14279,
      "contact_id": 11435,
      "name": "www",
      "common_name": "www.dnsimple.us",
      "years": 1,
      "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICmTCCAYECAQAwGjEYMBYGA1UEAwwPd3d3LmRuc2ltcGxlLnVzMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rVs1z42xmPj6KdE++D182/wyMH1GG4p\nESK99FQbMimjOvYcidFTySKpSvEv5Dhmj5fb79vogBuCZQetm5Es37Gboc+D02SO\n48uE8LisuYhx1yBKryXSYnVaWz9oxEuVLtf+aq/Yt1HTu3/zzMWKPRN79OmYgWnl\n03ISfDmgzxqViYPIAObge8nB5TzlQbDV9W9eQWs12IYg4pfI+b+c9VrnMYjdz2Lk\nEhIYThIQRSi5IfNbDu8YiG87V0bTtzeT6lq2Lh3+IkyhBkF10xaivnwac1MfK/25\ntZg2PYCzG56Bf3xTtjo5P0Eb7LlBZLlwLs3hXvlU0eV2LAWm38v3wwIDAQABoDow\nOAYJKoZIhvcNAQkOMSswKTAnBgNVHREEIDAeggtkbnNpbXBsZS51c4IPd3d3LmRu\nc2ltcGxlLnVzMA0GCSqGSIb3DQEBCwUAA4IBAQBiYQ5/Dp2JML1UgYmUNqfOfKKV\nZS9HiX1OcR6bkHHIEzDV1iqDdZ/0Uqr7p6rmLkVIaDWUdano2jtMEIRGC1c8q9bH\nRlzubdyYXbBGE+iGho5crzu5Hwit3Z3J2C6f28NvfqN5Ume3jLr90qbG+1HULsUF\nR3tCKTzvvs4QAKXbo+eEafDNFToGzd0cxpesdlzu3zDu5rHfLz862QifmWZzN6JS\nj1/Q+TedS5EknTaOwGjm1od0zuD3YRJ+XzGq1G8MbuxYWXqaGQRo0TzZlYW6Ax1C\n9utnEQ5Uc+z9ejjZSv03p1VzO7bV7AOz3F40M3IfM8qQ4YMeXbGWJ98jrWDe\n-----END CERTIFICATE REQUEST-----\n",
      "state": "issued",
      "auto_renew": false,
      "alternate_names": [

      ],
      "authority_identifier": "letsencrypt",
      "created_at": "2020-06-18T19:22:51Z",
      "updated_at": "2020-06-18T19:40:13Z",
      "expires_at": "2020-09-16T18:40:12Z",
      "expires_on": "2020-09-16"
    }
  ],
  "pagination": {
    "current_page": 1,
    "per_page": 30,
    "total_entries": 2,
    "total_pages": 1
  }
}

Errors

Responds with HTTP 401 in case of case of authentication issues.

Retrieve a certificate

GET /:account/domains/:domain/certificates/:certificate

Get the details of a certificate.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id
:certificate integer The certificate id

Example

Get the certificate with the ID 101967 in the domain bingo.pizza, in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      https://api.dnsimple.com/v2/1010/domains/bingo.pizza/certificates/101967

Response

Responds with HTTP 200 on success.

{
  "data": {
    "id": 101967,
    "domain_id": 289333,
    "contact_id": 2511,
    "name": "www",
    "common_name": "www.bingo.pizza",
    "years": 1,
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICmTCCAYECAQAwGjEYMBYGA1UEAwwPd3d3LmJpbmdvLnBpenphMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4+KoZ9IDCK2o5qAQpi+Icu5kksmjQzx\n5o5g4B6XhRxhsfHlK/i3iU5hc8CONjyVv8j82835RNsiKrflnxGa9SH68vbQfcn4\nIpbMz9c+Eqv5h0Euqlc3A4DBzp0unEu5QAUhR6Xu1TZIWDPjhrBOGiszRlLQcp4F\nzy6fD6j5/d/ylpzTp5v54j+Ey31Bz86IaBPtSpHI+Qk87Hs8DVoWxZk/6RlAkyur\nXDGWnPu9n3RMfs9ag5anFhggLIhCNtVN4+0vpgPQ59pqwYo8TfdYzK7WSKeL7geu\nCqVE3bHAqU6dLtgHOZfTkLwGycUh4p9aawuc6fsXHHYDpIL8s3vAvwIDAQABoDow\nOAYJKoZIhvcNAQkOMSswKTAnBgNVHREEIDAeggtiaW5nby5waXp6YYIPd3d3LmJp\nbmdvLnBpenphMA0GCSqGSIb3DQEBCwUAA4IBAQBwOLKv+PO5hSJkgqS6wL/wRqLh\nQ1zbcHRHAjRjnpRz06cDvN3X3aPI+lpKSNFCI0A1oKJG7JNtgxX3Est66cuO8ESQ\nPIb6WWN7/xlVlBCe7ZkjAFgN6JurFdclwCp/NI5wBCwj1yb3Ar5QQMFIZOezIgTI\nAWkQSfCmgkB96d6QlDWgidYDDjcsXugQveOQRPlHr0TsElu47GakxZdJCFZU+WPM\nodQQf5SaqiIK2YaH1dWO//4KpTS9QoTy1+mmAa27apHcmz6X6+G5dvpHZ1qH14V0\nJoMWIK+39HRPq6mDo1UMVet/xFUUrG/H7/tFlYIDVbSpVlpVAFITd/eQkaW/\n-----END CERTIFICATE REQUEST-----\n",
    "state": "issued",
    "auto_renew": false,
    "alternate_names": [

    ],
    "authority_identifier": "letsencrypt",
    "created_at": "2020-06-18T18:54:17Z",
    "updated_at": "2020-06-18T19:10:14Z",
    "expires_at": "2020-09-16T18:10:13Z",
    "expires_on": "2020-09-16"
  }
}

Errors

Responds with HTTP 401 in case of case of authentication issues.

Download a certificate

GET /:account/domains/:domain/certificates/:certificate/download

Get the PEM-encoded certificate, along with the root certificate and intermediate chain.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id
:certificate integer The certificate id

Example

Download the certificate with the ID 1 in the domain example.com, in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      https://api.dnsimple.com/v2/1010/domains/example.com/certificates/1/download

Response

Responds with HTTP 200 on success.

{
  "data": {
    "server": "-----BEGIN CERTIFICATE-----\nMIIE7TCCA9WgAwIBAgITAPpTe4O3vjuQ9L4gLsogi/ukujANBgkqhkiG9w0BAQsF\nADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjA2MTEx\nNzQ4MDBaFw0xNjA5MDkxNzQ4MDBaMBkxFzAVBgNVBAMTDnd3dy53ZXBwb3MubmV0\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzCcMfWoQRt5AMEY0HUb\n2GaraL1GsWOo6YXdPfe+YDvtnmDw23NcoTX7VSeCgU9M3RKs19AsCJcRNTLJ2dmD\nrAuyCTud9YTAaXQcTOLUhtO8T8+9AFVIva2OmAlKCR5saBW3JaRxW7V2aHEd/d1s\ns1CvNOO7jNppc9NwGSnDHcn3rqNv/U3MaU0gpJJRqsKkvcLU6IHJGgxyQ6AbpwJD\nIqBnzkjHu2IuhGEbRuMjyWLA2qtsjyVlfPotDxUdVouUQpz7dGHUFrLR7ma8QAYu\nOfl1ZMyrc901HGMa7zwbnFWurs3fed7vAosTRZIjnn72/3Wo7L9RiMB+vwr3NX7c\n9QIDAQABo4ICIzCCAh8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF\nBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRh9q/3Zxbk4yA/\nt7j+8xA+rkiZBTAfBgNVHSMEGDAWgBTAzANGuVggzFxycPPhLssgpvVoOjB4Bggr\nBgEFBQcBAQRsMGowMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwLnN0Zy1pbnQteDEu\nbGV0c2VuY3J5cHQub3JnLzAzBggrBgEFBQcwAoYnaHR0cDovL2NlcnQuc3RnLWlu\ndC14MS5sZXRzZW5jcnlwdC5vcmcvMCUGA1UdEQQeMByCCndlcHBvcy5uZXSCDnd3\ndy53ZXBwb3MubmV0MIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLf\nEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcw\ngasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSBy\nZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3Jk\nYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6\nLy9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEB\nAEqMdWrmdIyQxthWsX3iHmM2h/wXwEesD0VIaA+Pq4mjwmKBkoPSmHGQ/O4v8RaK\nB6gl8v+qmvCwwqC1SkBmm+9C2yt/P6WhAiA/DD+WppYgJWfcz2lEKrgufFlHPukB\nDzE0mJDuXm09QTApWlaTZWYfWKY50T5uOT/rs+OwGFFCO/8o7v5AZRAHos6uzjvq\nAtFZj/FEnXXMjSSlQ7YKTXToVpnAYH4e3/UMsi6/O4orkVz82ZfhKwMWHV8dXlRw\ntQaemFWTjGPgSLXJAtQO30DgNJBHX/fJEaHv6Wy8TF3J0wOGpzGbOwaTX8YAmEzC\nlzzjs+clg5MN5rd1g4POJtU=\n-----END CERTIFICATE-----\n",
    "root": null,
    "chain": [
      "-----BEGIN CERTIFICATE-----\nMIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw\nGjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2\nMDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0\n8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym\noLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0\nZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN\nxDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56\ndhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9\nAgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw\nHQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0\nBggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu\nY3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq\nhkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF\nUGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9\nAFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp\nDQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7\nIkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf\nzWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI\nPTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w\nSVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em\n2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0\nWzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt\nn5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=\n-----END CERTIFICATE-----"
    ]
  }
}

Errors

Responds with HTTP 401 in case of case of authentication issues.

Responds with HTTP 428 if the certificate cannot be downloaded.

Retrieve a certificate private key

GET /:account/domains/:domain/certificates/:certificate/private_key

Get the PEM-encoded certificate private key.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id
:certificate integer The certificate id

Example

Download the certificate with the ID 1 in the domain example.com, in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      https://api.dnsimple.com/v2/1010/domains/example.com/certificates/1/private_key

Response

Responds with HTTP 200, renders the certificate private key.

{
  "data": {
    "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAtzCcMfWoQRt5AMEY0HUb2GaraL1GsWOo6YXdPfe+YDvtnmDw\n23NcoTX7VSeCgU9M3RKs19AsCJcRNTLJ2dmDrAuyCTud9YTAaXQcTOLUhtO8T8+9\nAFVIva2OmAlKCR5saBW3JaRxW7V2aHEd/d1ss1CvNOO7jNppc9NwGSnDHcn3rqNv\n/U3MaU0gpJJRqsKkvcLU6IHJGgxyQ6AbpwJDIqBnzkjHu2IuhGEbRuMjyWLA2qts\njyVlfPotDxUdVouUQpz7dGHUFrLR7ma8QAYuOfl1ZMyrc901HGMa7zwbnFWurs3f\ned7vAosTRZIjnn72/3Wo7L9RiMB+vwr3NX7c9QIDAQABAoIBAEQx32OlzK34GTKT\nr7Yicmw7xEGofIGa1Q2h3Lut13whsxKLif5X0rrcyqRnoeibacS+qXXrJolIG4rP\nTl8/3wmUDQHs5J+6fJqFM+fXZUCP4AFiFzzhgsPBsVyd0KbWYYrZ0qU7s0ttoRe+\nTGjuHgIe3ip1QKNtx2Xr50YmytDydknmro79J5Gfrub1l2iA8SDm1eBrQ4SFaNQ2\nU709pHeSwX8pTihUX2Zy0ifpr0O1wYQjGLneMoG4rrNQJG/z6iUdhYczwwt1kDRQ\n4WkM2sovFOyxbBfoCQ3Gy/eem7OXfjNKUe47DAVLnPkKbqL/3Lo9FD7kcB8K87Ap\nr/vYrl0CgYEA413RAk7571w5dM+VftrdbFZ+Yi1OPhUshlPSehavro8kMGDEG5Ts\n74wEz2X3cfMxauMpMrBk/XnUCZ20AnWQClK73RB5fzPw5XNv473Tt/AFmt7eLOzl\nOcYrhpEHegtsD/ZaljlGtPqsjQAL9Ijhao03m1cGB1+uxI7FgacdckcCgYEAzkKP\n6xu9+WqOol73cnlYPS3sSZssyUF+eqWSzq2YJGRmfr1fbdtHqAS1ZbyC5fZVNZYV\nml1vfXi2LDcU0qS04JazurVyQr2rJZMTlCWVET1vhik7Y87wgCkLwKpbwamPDmlI\n9GY+fLNEa4yfAOOpvpTJpenUScxyKWH2cdYFOOMCgYBhrJnvffINC/d64Pp+BpP8\nyKN+lav5K6t3AWd4H2rVeJS5W7ijiLTIq8QdPNayUyE1o+S8695WrhGTF/aO3+ZD\nKQufikZHiQ7B43d7xL7BVBF0WK3lateGnEVyh7dIjMOdj92Wj4B6mv2pjQ2VvX/p\nAEWVLCtg24/+zL64VgxmXQKBgGosyXj1Zu2ldJcQ28AJxup3YVLilkNje4AXC2No\n6RCSvlAvm5gpcNGE2vvr9lX6YBKdl7FGt8WXBe/sysNEFfgmm45ZKOBCUn+dHk78\nqaeeQHKHdxMBy7utZWdgSqt+ZS299NgaacA3Z9kVIiSLDS4V2VeW7riujXXP/9TJ\nnxaRAoGBAMWXOfNVzfTyrKff6gvDWH+hqNICLyzvkEn2utNY9Q6WwqGuY9fvP/4Z\nXzc48AOBzUr8OeA4sHKJ79sJirOiWHNfD1swtvyVzsFZb6moiNwD3Ce/FzYCa3lQ\nU8blTH/uqpR2pSC6whzJ/lnSdqHUqhyp00000000000000000000\n-----END RSA PRIVATE KEY-----\n"
  }
}

Errors

Responds with HTTP 401 in case of case of authentication issues.

Responds with HTTP 428 if the private key cannot be downloaded.

Let’s Encrypt: Order a certificate

This endpoint is currently in Public Preview. During the Preview period changes may occur at any time.

Consider using our official clients to reduce the likelihood of breaking changes. If you are using or planning to use this endpoint we'd like to hear your feedback.

POST /:account/domains/:domain/certificates/letsencrypt

Purchase a Let’s Encrypt certificate with DNSimple.

The certificate itself is free, but some features of the certificate may require higher tier plans.

The domain must be delegated to DNSimple.

Certificate name

The default certificate name is www and covers both the root domain (e.g. example.com) and the www subdomain (e.g. www.example.com).

You can choose a custom name (like api), which is valid only for https://api.example.com. Custom names require a subscription to a Professional or Enterprise plan.

Alternate names

A certificate can be purchased for multiple subdomains. We call them alternate names or Subject Alternative Name (SAN).

By default, a certificate doesn’t have alternate names.

You can purchase a single certificate for both https://docs.example.com and https://status.example.com, alongside https://example.com.

Alternate names require a subscription to a Professional or Enterprise plan.

Wildcard certificates

To request a wildcard certificate that’s valid for an unlimited number of names that belong to a single subdomain level, use * (e.g. *.example.com).

Let’s Encrypt wildcard certificates is a feature that is only available to the Professional or Enterprise plans. If the feature is not enabled, you will receive an HTTP 412 response code.

Auto renewal

By default, a certificate isn’t auto-renewed when it expires.

Certificates with auto-renewal disabled may be renewed manually.

You may also purchase the certificate once and select the auto-renewal option. With auto-renewal enabled, our system automatically renews a certificate before it expires. Notifications for renewed certificates are sent via email, and a webhook is fired when a new certificate is available. You’ll still have to install the renewed certificate.

Signature algorithm

By default, a certificate uses ECDSA signature algorithm, but RSA can be used as well if your specific scenario required it.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id

Example

Purchase a Let’s Encrypt certificate for bingo.pizza in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      -H 'Content-Type: application/json' \
      -X POST \
      -d '<json>' \
      https://api.dnsimple.com/v2/1010/domains/bingo.pizza/certificates/letsencrypt

Input

Name Type Description
auto_renew bool Set to true to enable the auto-renewal of the certificate. Default: false.
name string The certificate name. Default: "www".
alternate_names array<string> The certificate alternate names. Default: []. Example: ["docs.example.com", "status.example.com"]
signature_algorithm string Optional string to determine the signature algorithm to be used. Either ECDSA or RSA, defaults to ECDSA.

Response

Responds with HTTP 201 on success.

{
  "data": {
    "id": 101967,
    "certificate_id": 101967,
    "state": "new",
    "auto_renew": false,
    "created_at": "2020-06-18T18:54:17Z",
    "updated_at": "2020-06-18T18:54:17Z"
  }
}

Errors

Responds with HTTP 400 if the certificate cannot be ordered.

Responds with HTTP 401 in case of case of authentication issues.

Responds with HTTP 412 if the account cannot order this certificate type.

Let’s Encrypt: Issue a certificate

This endpoint is currently in Public Preview. During the Preview period changes may occur at any time.

Consider using our official clients to reduce the likelihood of breaking changes. If you are using or planning to use this endpoint we'd like to hear your feedback.

POST /:account/domains/:domain/certificates/letsencrypt/:certificate/issue

Issue a Let’s Encrypt certificate purchased with DNSimple.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id
:certificate integer The certificate id

Example

Issue a Let’s Encrypt certificate with ID 101967, for bingo.pizza in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      -X POST \
      https://api.dnsimple.com/v2/1010/domains/bingo.pizza/certificates/letsencrypt/101967/issue

Response

Responds with HTTP 202 on success.

{
  "data": {
    "id": 101967,
    "domain_id": 289333,
    "contact_id": 2511,
    "name": "www",
    "common_name": "www.bingo.pizza",
    "years": 1,
    "csr": null,
    "state": "requesting",
    "auto_renew": false,
    "alternate_names": [

    ],
    "authority_identifier": "letsencrypt",
    "created_at": "2020-06-18T18:54:17Z",
    "updated_at": "2020-06-18T18:56:20Z",
    "expires_at": null,
    "expires_on": null
  }
}

The certificate will be in state requesting, and it can’t be downloaded until issued by Let’s Encrypt. You can subscribe to a webhook to receive a notification when the certificate is issued.

Errors

Responds with HTTP 400 if the certificate cannot be issued.

Responds with HTTP 401 in case of case of authentication issues.

Responds with HTTP 412 if the account cannot issue this certificate type.

Let’s Encrypt: Order a certificate renewal

This endpoint is currently in Public Preview. During the Preview period changes may occur at any time.

Consider using our official clients to reduce the likelihood of breaking changes. If you are using or planning to use this endpoint we'd like to hear your feedback.

POST /:account/domains/:domain/certificates/letsencrypt/:certificate/renewals

Renew a Let’s Encrypt certificate purchased with DNSimple.

You must renew a certificate only if it does NOT use the auto renewal feature.

You can always enable or disable auto renewal when renewing a certificate.

Signature algorithm

By default, a certificate uses ECDSA signature algorithm, but RSA can be used as well if your specific scenario required it.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id
:certificate integer The certificate id

Example

Renew a Let’s Encrypt certificate with ID 101967 for bingo.pizza in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      -H 'Content-Type: application/json' \
      -X POST \
      -d '<json>' \
      https://api.dnsimple.com/v2/1010/domains/bingo.pizza/certificates/letsencrypt/101967/renewals

Input

Name Type Description
auto_renew bool Set to true to enable the auto-renewal of the certificate. Default: false.
signature_algorithm string Optional string to determine the signature algorithm to be used. Either ECDSA or RSA, defaults to ECDSA.

Response

Responds with HTTP 201 on success.

{
  "data": {
    "id": 65082,
    "old_certificate_id": 101967,
    "new_certificate_id": 101972,
    "state": "new",
    "auto_renew": false,
    "created_at": "2020-06-18T19:56:20Z",
    "updated_at": "2020-06-18T19:56:20Z"
  }
}

Errors

Responds with HTTP 400 if the certificate renewal cannot be ordered.

Responds with HTTP 401 in case of case of authentication issues.

Responds with HTTP 412 if the account cannot renew this certificate type.

Let’s Encrypt: Issue a certificate renewal

This endpoint is currently in Public Preview. During the Preview period changes may occur at any time.

Consider using our official clients to reduce the likelihood of breaking changes. If you are using or planning to use this endpoint we'd like to hear your feedback.

POST /:account/domains/:domain/certificates/letsencrypt/:certificate/renewals/:certificate_renewal/issue

Issue a Let’s Encrypt certificate renewed with DNSimple.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id
:certificate integer The certificate id
:certificate_renewal integer The certificate renewal id

The :certificate_renewal ID is the one returned by the renewal.

Example

Issue a Let’s Encrypt certificate renewal with ID 65082, for the certificate 101967, for bingo.pizza in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      -X POST \
      https://api.dnsimple.com/v2/1010/domains/example.com/certificates/letsencrypt/101967/renewals/65082/issue

Response

Responds with HTTP 202 on success.

{
  "data": {
    "id": 101972,
    "domain_id": 289333,
    "contact_id": 2511,
    "name": "www",
    "common_name": "www.bingo.pizza",
    "years": 1,
    "csr": null,
    "state": "requesting",
    "auto_renew": false,
    "alternate_names": [

    ],
    "authority_identifier": "letsencrypt",
    "created_at": "2020-06-18T19:56:20Z",
    "updated_at": "2020-06-18T20:05:26Z",
    "expires_at": null,
    "expires_on": null
  }
}

The certificate will be in state requesting, and it can’t be downloaded until issued by Let’s Encrypt. You can subscribe to a webhook to be notified once the certificate is issued.

Errors

Responds with HTTP 400 if the certificate renewal cannot be issued.

Responds with HTTP 401 in case of case of authentication issues.

Responds with HTTP 412 if the account cannot issue this certificate type.