Let’s Encrypt Domain Configuration

Overview

Use the Let’s Encrypt Domain Configuration API to create, retrieve, or delete a domain configuration when using Let’s Encrypt.

REST Endpoint: /mgmt/cm/adc-core/external-ca/config

Requests

POST /mgmt/cm/adc-core/external-ca/lets-encrypt/config

Send a POST request to the endpoint to save domain configurations.

Request Parameters

Name Type Required Description
externalCaConfigReference object True Link to the CA configuration
     link string True URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API.
domain object True List of the domains being configured
     domainName string True The domain name

Query Parameters

None

Response

The JSON in the POST’s response can include the following parameters.

HTTP/1.1 200 OK

Name Type Description
uuid string UUID of the configuration
externalCaConfigReference object Link to the CA configuration
     link string URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API.
name string Name of the server
domains object A list of objects describing each domain.
     domainName string The name of the domain
     authenticationUrl string URL for authenticationUrl
     authExpiryDate string Expiration date
     challengeToken string Challenge token
     httpChallengeContent string Challenge content
     httpChallengeUrl string Challenge URL
     dnsChallengeContent string Challenge content
     dnsChallengeUrl string Challenge URL
     tlsChallengeCertContent string Challenge content
     tlsChallengeKeyContent string Challenge content
     tlsChallengeUrl string Challenge URL
accountLocation string URL for the account location
accountCreatedData string Date and time the account was created
selfLink string URL for the domain configuration

Permissions

Role Allow
admin Yes
Certificate Editor/Viewer No

GET /mgmt/cm/adc-core/external-ca/lets-encrypt/config

To retrieve information for all domain configurations, you can send a GET request to the endpoint. To retrieve information for a specific configuration, append the uuid for the configuration.

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
items object A list of domain configurations
     uuid string UUID of the configuration
     externalCaConfigReference object Link to the CA configuration
          link string URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API.
     name string Name of the server
     domains object A list of objects describing each domain.
          domainName string The name of the domain
          authenticationUrl string URL for authenticationUrl
          authExpiryDate string Expiration date
          challengeToken string Challenge token
          httpChallengeContent string Challenge content
          httpChallengeUrl string Challenge URL
          dnsChallengeContent string Challenge content
          dnsChallengeUrl string Challenge URL
          tlsChallengeCertContent string Challenge content
          tlsChallengeKeyContent string Challenge content
          tlsChallengeUrl string Challenge URL
     accountLocation string URL for the account location
     accountCreatedData string Date and time the account was created
     selfLink string URL to this item
selfLink string URL to this collection of items

Permissions

Role Allow
admin Yes
Certificate Editor/Viewer Yes

PATCH /mgmt/cm/adc-core/external-ca/lets-encrypt/config/{uuid}

Send a PATCH request to add or delete domain configurations of a CA configuration. Append the uuid of the CA configuration to the PATCH request.

Request Parameters

The body of the PATCH request can contain the domain configuration you want to add to the CA configuration. To delete a domain configuration you can send a PATCH with the domain information removed.

Name Type Required Description
externalCaConfigReference object True Link to the CA configuration
     link string True URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API.
domain object True A list of the domains
     domainName string True A domain name

Query Parameters

None

Response

The JSON in the POST’s response can include the following parameters.

HTTP/1.1 200 OK

Name Type Description
uuid string UUID of the configuration
externalCaConfigReference object Link to the CA configuration
     link string URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API.
name string Name of the server
domains object A list of objects describing each domain.
     domainName string The name of the domain
     authenticationUrl string URL for authenticationUrl
     authExpiryDate string Expiration date
     challengeToken string Challenge token
     httpChallengeContent string Challenge content
     httpChallengeUrl string Challenge URL
     dnsChallengeContent string Challenge content
     dnsChallengeUrl string Challenge URL
     tlsChallengeCertContent string Challenge content
     tlsChallengeKeyContent string Challenge content
     tlsChallengeUrl string Challenge URL
accountLocation string URL for the account location
accountCreatedData string Date and time the account was created
selfLink string URL for this configuration

Permissions

Role Allow
admin Yes
Certificate Editor/Viewer No

PUT /mgmt/cm/adc-core/external-ca/lets-encrypt/config/{uuid}

Send a PUT request to add or delete domain configurations of a CA configuration. Append the uuid of the CA configuration to the PUT request.

Request Parameters

The body of the PUT request can contain the domain configuration you want to add to the CA configuration. To delete a domain configuration you can send a PUT with the domain information removed.

Name Type Required Description
externalCaConfigReference object True Link to the CA configuration
     link string True URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API.
domain object True A list of the domains
     domainName string True A domain name

Query Parameters

None

Response

The JSON in the PUT’s response can include the following parameters.

HTTP/1.1 200 OK

Name Type Description
uuid string UUID of the configuration
externalCaConfigReference object Link to the CA configuration
     link string URL for the CA configuration. This can be the value of the selfLink returned by the CA Configuration API.
name string Name of the server
domains object A list of objects describing each domain.
     domainName string The name of the domain
     authenticationUrl string URL for authenticationUrl
     authExpiryDate string Expiration date
     challengeToken string Challenge token
     httpChallengeContent string Challenge content
     httpChallengeUrl string Challenge URL
     dnsChallengeContent string Challenge content
     dnsChallengeUrl string Challenge URL
     tlsChallengeCertContent string Challenge content
     tlsChallengeKeyContent string Challenge content
     tlsChallengeUrl string Challenge URL
accountLocation string URL for the account location
accountCreatedData string Date and time the account was created
selfLink string URL of this configuration

Permissions

Role Allow
admin Yes
Certificate Editor/Viewer No

Examples

POST to save a new domain configuration

The following example saves a new Let’s Encrypt domain configuration.

POST https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/lets-encrypt/config

The JSON in the body of the POST request can look similar to the following example.

{
    "externalCaConfigReference": {
            "link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
    },
    "domains": [{
                    "domainName": "letsencrypt.example1.de"
            },
            {
                    "domainName": "letsencrypt.example2.de"
            }
    ]
}

Response

The JSON in the body of the POST response can look similar to the following example.

HTTP/1.1 200 OK

{
    "uuid": "a812b8da-4a11-3dca-8bd4-7f247352c49a",
    "externalCaConfigReference": {
            "link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
    },
    "name": "LE_Staging_Server",
    "domains": [{
                    "domainName": "letsencrypt.example1.de",
                    "authenticationUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7139283",
                    "authExpiryDate": "2019-09-12T08:26:10Z",
                    "challengeToken": "-----omitted from sample-----",
                    "httpChallengeContent": "-----omitted from sample-----",
                    "httpChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/lb5-OQ",
                    "dnsChallengeContent": "-----omitted from sample-----",
                    "dnsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/u6VmaQ",
                    "tlsChallengeCertContent": "-----BEGIN CERTIFICATE-----omitted from sample-----END CERTIFICATE-----",
                    "tlsChallengeKeyContent": "-----omitted from sample-----",
                    "tlsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/SjNpbA"
            },
            {
                    "domainName": "letsencrypt.example2.de",
                    "authenticationUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7139174",
                    "authExpiryDate": "2019-09-12T08:26:10Z",
                    "challengeToken": "-----omitted from sample-----",
                    "httpChallengeContent": "-----omitted from sample-----",
                    "httpChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/vMAd_g",
                    "dnsChallengeContent": "-----omitted from sample-----",
                    "dnsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/1GybMg",
                    "tlsChallengeCertContent": "-----BEGIN CERTIFICATE-----omitted from sample-----END CERTIFICATE-----",
                    "tlsChallengeKeyContent": "-----omitted from sample-----",
                    "tlsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/YesVuA"
            }
    ],
    "accountLocation": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/10550349",
    "accountCreatedData": "2019-08-13T09:35:28Z",
    "generation": 1,
    "lastUpdateMicros": 1565696148351388,
    "kind": "cm:adc-core:external-ca:lets-encrypt:config:letsencryptconfigstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/config/a812b8da-4a11-3dca-8bd4-7f247352c49a"
}

GET to retrieve all domain configurations

You can send a GET request to retrieve all or specific domain configurations

GET https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/lets-encrypt/config

Response

The JSON in the GET’s response can look similar to the following example.

{
    "items": [{
            "uuid": "a812b8da-4a11-3dca-8bd4-7f247352c49a",
            "externalCaConfigReference": {
                    "link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
            },
            "name": "LE_Staging_Server",
            "domains": [{
                            "domainName": "letsencrypt.example1.de",
                            "authenticationUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7139283",
                            "authExpiryDate": "2019-09-12T08:26:10Z",
                            "challengeToken": "-----omitted from sample-----",
                            "httpChallengeContent": "-----omitted from sample-----",
                            "httpChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/lb5-OQ",
                            "dnsChallengeContent": "-----omitted from sample-----",
                            "dnsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/u6VmaQ",
                            "tlsChallengeCertContent": "-----BEGIN CERTIFICATE-----omitted from sample-----END CERTIFICATE-----",
                            "tlsChallengeKeyContent": "-----omitted from sample-----",
                            "tlsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/SjNpbA"
                    },
                    {
                            "domainName": "letsencrypt.example2.de",
                            "authenticationUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7139174",
                            "authExpiryDate": "2019-09-12T08:26:10Z",
                            "challengeToken": "-----omitted from sample-----",
                            "httpChallengeContent": "-----omitted from sample-----",
                            "httpChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/vMAd_g",
                            "dnsChallengeContent": "-----omitted from sample-----",
                            "dnsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/1GybMg",
                            "tlsChallengeCertContent": "-----BEGIN CERTIFICATE-----omitted from sample-----END CERTIFICATE-----",
                            "tlsChallengeKeyContent": "-----omitted from sample-----",
                            "tlsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/YesVuA"
                    }
            ],
            "accountLocation": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/10550349",
            "accountCreatedData": "2019-08-13T09:35:28Z",
            "generation": 1,
            "lastUpdateMicros": 1565696148351388,
            "kind": "cm:adc-core:external-ca:lets-encrypt:config:letsencryptconfigstate",
            "selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/config/a812b8da-4a11-3dca-8bd4-7f247352c49a"
    }],
    "generation": 2,
    "kind": "cm:adc-core:external-ca:lets-encrypt:config:letsencryptconfigcollectionstate",
    "lastUpdateMicros": 1565696150680342,
    "selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/config"
}

PATCH to update a domain configuration

To add or delete a specific domain configurations send a PATCH with the domain configurations. Specify the configuration by the value of its uuid.

PATCH https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/lets-encrypt/config/{uuid}

The JSON in the body of the PATCH can look similar to the following example.

{
    "externalCaConfigReference": {
        "link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
    },
    "domains": [
        {
            "domainName": "letsencrypt.example1.de"
        },
        {
            "domainName": "letsencrypt.example2.de"
        }
    ]
}

Response

HTTP/1.1 200 OK

{
    "uuid": "a812b8da-4a11-3dca-8bd4-7f247352c49a",
    "externalCaConfigReference": {
            "link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
    },
    "name": "LE_Staging_Server",
    "domains": [{
                    "domainName": "letsencrypt.example1.de",
                    "authenticationUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7139283",
                    "authExpiryDate": "2019-09-12T08:26:10Z",
                    "challengeToken": "-----omitted from sample-----",
                    "httpChallengeContent": "-----omitted from sample-----",
                    "httpChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/lb5-OQ",
                    "dnsChallengeContent": "-----omitted from sample-----",
                    "dnsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/u6VmaQ",
                    "tlsChallengeCertContent": "-----BEGIN CERTIFICATE-----omitted from sample-----END CERTIFICATE-----",
                    "tlsChallengeKeyContent": "-----omitted from sample-----",
                    "tlsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/SjNpbA"
            },
            {
                    "domainName": "letsencrypt.example2.de",
                    "authenticationUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7139174",
                    "authExpiryDate": "2019-09-12T08:26:10Z",
                    "challengeToken": "-----omitted from sample-----",
                    "httpChallengeContent": "-----omitted from sample-----",
                    "httpChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/vMAd_g",
                    "dnsChallengeContent": "-----omitted from sample-----",
                    "dnsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/1GybMg",
                    "tlsChallengeCertContent": "-----BEGIN CERTIFICATE-----omitted from sample-----END CERTIFICATE-----",
                    "tlsChallengeKeyContent": "-----omitted from sample-----,
                    "tlsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/YesVuA"
            }
    ],
    "orderLocation": "https://acme-staging-v02.api.letsencrypt.org/acme/order/10550349/48578302",
    "accountLocation": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/10550349",
    "accountCreatedData": "2019-08-13T09:35:28Z",
    "generation": 3,
    "lastUpdateMicros": 1567672048882654,
    "kind": "cm:adc-core:external-ca:lets-encrypt:config:letsencryptconfigstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/config/a812b8da-4a11-3dca-8bd4-7f247352c49a"
}

PUT to update a domain configuration

To add a domain configurations you can send a PUT with the domain configurations. Specify the configuration by the value of its uuid.

PUT https://<BIG-IQ>/mgmt/cm/adc-core/external-ca/lets-encrypt/config/{uuid}

The JSON in the body of the PUT can look similar to the following example.

{
    "externalCaConfigReference": {
            "link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
    },
    "domains": [{
                    "domainName": "letsencrypt.example1.de"
            },
            {
                    "domainName": "letsencrypt.example2.de"
            }
    ]
}

Response

HTTP/1.1 200 OK

{
    "uuid": "a812b8da-4a11-3dca-8bd4-7f247352c49a",
    "externalCaConfigReference": {
            "link": "https://localhost/mgmt/cm/adc-core/external-ca/config/5194e771-18d1-377d-8706-1d3102ebb312"
    },
    "name": "LE_Staging_Server",
    "domains": [{
                    "domainName": "letsencrypt.example1.de",
                    "authenticationUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7139283",
                    "authExpiryDate": "2019-09-12T08:26:10Z",
                    "challengeToken": "-----omitted from sample-----",
                    "httpChallengeContent": "-----omitted from sample-----",
                    "httpChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/lb5-OQ",
                    "dnsChallengeContent": "-----omitted from sample-----",
                    "dnsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/u6VmaQ",
                    "tlsChallengeCertContent": "-----BEGIN CERTIFICATE-----omitted from sample-----END CERTIFICATE-----",
                    "tlsChallengeKeyContent": "-----omitted from sample-----",
                    "tlsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139283/SjNpbA"
            },
            {
                    "domainName": "letsencrypt.example2.de",
                    "authenticationUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7139174",
                    "authExpiryDate": "2019-09-12T08:26:10Z",
                    "challengeToken": "-----omitted from sample-----",
                    "httpChallengeContent": "-----omitted from sample-----",
                    "httpChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/vMAd_g",
                    "dnsChallengeContent": "-----omitted from sample-----",
                    "dnsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/1GybMg",
                    "tlsChallengeCertContent": "-----BEGIN CERTIFICATE-----omitted from sample-----END CERTIFICATE-----",
                    "tlsChallengeKeyContent": "-----omitted from sample-----",
                    "tlsChallengeUrl": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/7139174/YesVuA"
            }
    ],
    "orderLocation": "https://acme-staging-v02.api.letsencrypt.org/acme/order/10550349/48578302",
    "accountLocation": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/10550349",
    "accountCreatedData": "2019-08-13T09:35:28Z",
    "generation": 3,
    "lastUpdateMicros": 1567672048882654,
    "kind": "cm:adc-core:external-ca:lets-encrypt:config:letsencryptconfigstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/external-ca/lets-encrypt/config/a812b8da-4a11-3dca-8bd4-7f247352c49a"
}