API Documentation – Certificate Endpoints
Base URLPOST /api/v1/certPOST /api/v1/pem
Authentication
All requests require the header:
X-Api-Key: <your-guid-api-key>
The API key must be associated with all requested domains and must be enabled.
POST /api/v1/cert
Obtain a multi-domain (SAN) certificate in .pfx format (PKCS#12)
Request Body
{
"staging": false,
"domains": "example.com,www.example.com,blog.example.com",
"profile": "classic"
}
| Field | Type | Required | Description | Possible values |
|---|---|---|---|---|
| staging | boolean | yes | Use Let's Encrypt staging environment (for testing) | true, false |
| domains | string | yes | Comma, semicolon or space separated list of domains | e.g. "example.com,www.example.com" |
| profile | string | no | Certificate profile to request | "classic", "tlsserver", "shortlived" (default: "classic") |
Response
-
200 OK
Content-Type:application/x-pkcs12
Body: binary .pfx file
Content-Disposition:attachment; filename="cert-....pfx" -
401 Unauthorized
{ "message": "Invalid or unauthorized API key" } -
500 Internal Server Error
{ "message": "No certificate was generated" }
POST /api/v1/pem
Obtain certificates in PEM format (certificate + private key + chain)
Request Body
Same as /cert endpoint:
{
"staging": false,
"domains": "example.com,www.example.com",
"profile": "tlsserver"
}
Response
- 200 OK
Content-Type:application/json
[
{
"Domain": "example.com",
"Certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
"PrivateKey": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----",
"Chain": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"
},
{
"Domain": "www.example.com",
...
}
]
-
401 Unauthorized
Same as above
Important Notes
- The same API key must have access to all domains listed in
domains staging: true→ uses Let's Encrypt staging environment (much higher rate limits, not trusted by browsers)-
profilevalues:classic→ standard certificatetlsserver→ usually more strict / modern settingsshortlived→ very short validity (e.g. 7 days)
- The
/certendpoint returns one .pfx file containing all the domain's (SAN) certificate + key + chain - The
/pemendpoint returns a list with separate PEM blocks for each domain