Skip to content

Create a certificate

POST
/api/organizations/{organizationId}/certificates

Creates a certificate for an apex domain in the organization; the domain is created automatically if it does not exist yet. domainName is required and must be a root domain. For auto_managed certificates, apex and wildcard SANs are seeded automatically and no certificateData/privateKeyData may be supplied (422 otherwise). For custom certificates, certificateData and privateKeyData are required and are parsed and verified - invalid or expired content returns 422. Returns 409 if the domain already has a certificate.

Authorizations

ApiToken

Long-lived API token created via POST /api/api-tokens (returned once in plaintext).

Type
API Key (header: X-API-TOKEN)
or
JWT

JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer .

Type
HTTP (bearer)

Parameters

Path Parameters

organizationId*

Organization identifier

Type
string
Required

Request Body

JSON
{
  
"domainName": "example.com",
  
"type": "auto_managed",
  
"certificateData": "-----BEGIN CERTIFICATE----- MIIC...snip...IDAQAB -----END CERTIFICATE-----",
  
"privateKeyData": "-----BEGIN PRIVATE KEY----- MIIE...snip...QIDAQ -----END PRIVATE KEY-----",
  
"chainData": "-----BEGIN CERTIFICATE----- MIID...snip...b3RQ -----END CERTIFICATE-----"
}

Responses

certificate resource created

JSON
{
  
"@context": "string",
  
"@id": "string",
  
"@type": "string",
  
"id": "9f8b7c6d-5e4f-4a3b-8c2d-1e0f9a8b7c6d",
  
"domainName": "example.com",
  
"type": "auto_managed",
  
"status": "active",
  
"certificateData": "-----BEGIN CERTIFICATE----- MIIC...snip...IDAQAB -----END CERTIFICATE-----",
  
"privateKeyData": "-----BEGIN PRIVATE KEY----- MIIE...snip...QIDAQ -----END PRIVATE KEY-----",
  
"chainData": "-----BEGIN CERTIFICATE----- MIID...snip...b3RQ -----END CERTIFICATE-----",
  
"expiresAt": "2026-09-30T12:00:00+00:00",
  
"issuer": "Let's Encrypt",
  
"fingerprint": "sha256:3b:0a:1f:...:9c:2d",
  
"sans": [
  
  
{
  
  
  
"@context": "string",
  
  
  
"@id": "string",
  
  
  
"@type": "string",
  
  
  
"id": "9d1e8a4c-6b2f-4d3e-8a1b-2c3d4e5f6a7b",
  
  
  
"name": "www.example.com",
  
  
  
"dnsStatus": "valid",
  
  
  
"sslStatus": "covered"
  
  
}
  
],
  
"lastAttempt": {
  
  
"@context": "string",
  
  
"@id": "string",
  
  
"@type": "string",
  
  
"id": "9f1c2d3e-4b5a-6789-abcd-ef0123456789",
  
  
"type": "acme_renew",
  
  
"status": "succeeded",
  
  
"startedAt": "2026-07-01T09:15:00+00:00",
  
  
"finishedAt": "2026-07-01T09:16:42+00:00"
  
},
  
"createdAt": "2026-07-01T09:15:00+00:00",
  
"updatedAt": "2026-07-01T09:20:00+00:00",
  
"organizationId": 42,
  
"attemptCount": 3
}

Playground

Authorization
Variables
Key
Value
Body

Samples

Powered by VitePress OpenAPI