API for SSL certificate per domain

potemkin_ai

Cloudron currently allows to manage SSL certificates per app, but not per domain - could you please, implement that endpoint as well, please?

As Wildcard domains are now becoming a shorter period of life, manual management is quite troublesome.

potemkin_ai

I believe the API is actually there (as I can change the certificate via the Dashboard), but it's not documented? If so - could you possibly share the correct structure, please?

potemkin_ai

I did some reverse engineering - here is the bash, for anyone curious:

DOMAIN="mysuper-domain.com"
TOKEN="bla-bla" #cloudron's token
cd /var/db/acme/certs/*.${DOMAIN}_ecc

CERT=$(awk 'NF {printf "%s\\n", $0}' fullchain.cer)
KEY=$(awk 'NF {printf "%s\\n", $0}' "*.${DOMAIN}.key")

curl -X POST "https://my.${DOMAIN}/api/v1/domains/${DOMAIN}/config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{
    \"zoneName\": \"${DOMAIN}\",
    \"provider\": \"manual\",
    \"config\": {},
    \"tlsConfig\": { \"provider\": \"fallback\" },
    \"fallbackCertificate\": { \"cert\": \"${CERT}\", \"key\": \"${KEY}\" }
  }"

verify with openssl s_client -showcerts -connect IP:443 -servername my.${DOMAIN}.net | less

james

Hello @potemkin_ai
You can already configure each domain to not use wildcard.
This is also documented here: https://docs.cloudron.io/domains#certificates

• go into your dashboard
• click Domains
• click the Edit button next to a domain
• click Advanced settings…
• Under Certificate provider select Let's Encrypt Prod

or did I misunderstand what you are looking for?
If this is indeed what you need, can we improve something to make this information more accessible?