Let’s Encrypt Directory¶
Overview¶
You can use the Let’s Encrypt Directory API to create, delete or retrieve a list of Let’s Encrypt directory URLs.
REST Endpoint: /mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list¶
Requests¶
POST /mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list¶
To save a Let’s Encrypt directory list on the BIG-IQ, send a POST request to the endpoint.
The JSON in the body of the POST request can include the following parameters. If you provide a value for only serverUri, this API gets the directory list from the BIG-IQ, and if the list is not found on BIG-IQ, it queries the Let’s Encrypt server for the directory list. By including a value of true for forceUpdate along with serverUri, this API allways tries to get the resource list from the Let’s Encrypt server and updates the BIG-IQ.
Request Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| serverUri | string | True | URL of the CA server |
| forceUpdate | boolean | False | If the value of forceUpdate is true, this API gets the directory list from the Let’s Encrypt server and updates the BIG-IQ. If forceUpdate is omitted, this API tries to get the resource list from the BIG-IQ, and if not found, queries the Let’s Encrypt server for the list and updates the BIG-IQ. |
Query Parameters¶
None
Response¶
The JSON in the POST’s response can include the following parameters.
HTTP/1.1 200 OK
| Name | Type | Required |
|---|---|---|
| uuid | string | UUID for this item |
| serverUri | string | URL of the CA server |
| resourceUrls | object | URLs for this list |
| keyChange | string | URL for this Let’s Encrypt directory |
| revokeCert | string | URL for this Let’s Encrypt directory |
| website | string | URL for this Let’s Encrypt directory |
| newNonce | string | URL for this Let’s Encrypt directory |
| newAccount | string | URL for this Let’s Encrypt directory |
| newOrder | string | URL for this Let’s Encrypt directory |
| termsOfService | string | URL for this Let’s Encrypt directory |
| selfLink | string | URL of this list |
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | No |
GET /mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list¶
Send a GET request to the endpoint to retrieve a resource list for all or a specific CA configuration. To retrieve a specific configuration append the uuid, to the URL of the GET request.
Request Parameters¶
None
Query Parameters¶
None
Response¶
The JSON in the GET’s response can include the following parameters.
HTTP/1.1 200 OK
| Name | Type | Required |
|---|---|---|
| items | object | A list of configuration records |
| uuid | string | The UUID for this item |
| serverUri | string | URL of the CA server |
| resourceUrls | object | Resource URLs for this configuration |
| keyChange | string | URL for this Let’s Encrypt directory |
| revokeCert | string | URL for this Let’s Encrypt directory |
| newNonce | string | URL for this Let’s Encrypt directory |
| newAccount | string | URL for this Let’s Encrypt directory |
| newOrder | string | URL for this Let’s Encrypt directory |
| termsOfService | string | URL for this Let’s Encrypt directory |
| selfLink | string | URL of this list |
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | Yes |
DELETE /mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list/{uuid}¶
To delete a specific directory list send a DELETE request and append the uuid.
Request Parameters¶
None
Query Parameters¶
None
Response¶
The JSON in the body of the response to the DELETE is for the record being removed.
HTTP/1.1 200 OK
Permissions¶
| Role | Allow |
|---|---|
| admin | Yes |
| Certificate Editor/Viewer | Yes |
Examples¶
POST to save a new Let’s Encrypt directory list¶
The following example gets the Let’s Encrypt directory list from the Let’s Encrypt server and updates the BIG-IQ.
POST https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list
The JSON in the body of the POST can look similar to the following example.
{
"serverUri": "https://acme-staging-v02.api.letsencrypt.org/",
"forceUpdate": true
}
Response¶
The JSON in the body of the response can look similar to the following example.
HTTP/1.1 200 OK
{
"uuid": "796d551a-7429-36e4-bc68-687abb8733d3",
"serverUri": "https://acme-staging-v02.api.letsencrypt.org/",
"resourceUrls": {
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert",
"website": "https://letsencrypt.org/docs/staging-environment/",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"generation": 2,
"lastUpdateMicros": 1565599700623947,
"kind": "cm:adc-core:external-ca:lets-encrypt:resource-list:letsencryptresourceliststate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list/796d551a-7429-36e4-bc68-687abb8733d3"
}
GET to retrieve Let’s Encrypt directory lists for all CA configurations¶
You can send a GET request to the collection to retrieve Let’s Encrypt directory lists for all CA configurations.
GET https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list
Response¶
The JSON in the GET’s response can look similar to the following example.
{
"items": [{
"uuid": "59ec6404-afe5-3c23-aa19-b47972578c27",
"serverUri": "https://acme-v02.api.letsencrypt.org/",
"resourceUrls": {
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"generation": 1,
"lastUpdateMicros": 1565350119556388,
"kind": "cm:adc-core:external-ca:lets-encrypt:resource-list:letsencryptresourceliststate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list/59ec6404-afe5-3c23-aa19-b47972578c27"
},
{
"uuid": "796d551a-7429-36e4-bc68-687abb8733d3",
"serverUri": "https://acme-staging-v02.api.letsencrypt.org/",
"resourceUrls": {
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert",
"website": "https://letsencrypt.org/docs/staging-environment/",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"generation": 1,
"lastUpdateMicros": 1565353260651553,
"kind": "cm:adc-core:external-ca:lets-encrypt:resource-list:letsencryptresourceliststate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list/796d551a-7429-36e4-bc68-687abb8733d3"
}
],
"generation": 1,
"kind": "cm:adc-core:external-ca:lets-encrypt:resource-list:letsencryptresourcelistcollectionstate",
"lastUpdateMicros": 1565348758357060,
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list"
}
DELETE to delete a specific Let’s Encrypt directory list¶
The following example deletes a Let’s Encrypt directory list. The list is specified by the value of its uuid. The body of the DELETE request can be empty.
DELETE https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list/796d551a-7429-36e4-bc68-687abb8733d3
Response¶
HTTP/1.1 200 OK
The JSON in the body of the response to the DELETE is for the removed list.
{
"uuid": "796d551a-7429-36e4-bc68-687abb8733d3",
"serverUri": "https://acme-v02.api.letsencrypt.org/",
"resourceUrls": {
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"generation": 1,
"lastUpdateMicros": 1565350119556388,
"kind": "cm:adc-core:external-ca:lets-encrypt:resource-list:letsencryptresourceliststate",
"selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/resource-list/59ec6404-afe5-3c23-aa19-b47972578c27"
}