• GeneralAPISSL

  • Purpose of is_opalstack_webfaction in cert creation api

Why is there an is_opalstack_webfaction parameter in the cert creation api? No domain names can be provided, so I don't see how it is useful.

https://my.opalstack.com/api/v1/doc/#/cert/cert_create

(Asking because I'm fiddling with a Terraform provider for Opalstack, and want to make sure I'm understanding.)

Thanks!

  • sean replied to this.

    will_in_wi There is no "is_opalstack_webfaction" parameter for certs.

    There is an "is_opalstack_letsencrypt" parameter which tells our system that the certificate is a LE cert managed by our system.

        sean Hey Sean! Thanks for responding. It might help to fix the documentation here, then: https://my.opalstack.com/api/v1/doc/#/cert/cert_create

        The request body is listed as

        [
  {
    "name": "string",
    "cert": "string",
    "intermediates": "string",
    "key": "string",
    "is_opalstack_letsencrypt": false
  }
]
        • sean replied to this.

            will_in_wi You originally inquired about a parameter is_opalstack_webfaction (ends with "webfaction"). That parameter does not exist.

            The documented parameter is is_opalstack_letsencrypt (ends with "letsencrypt"). That is correct.

            The parameter cannot be used to generate a LE certificate, it only indicates whether or not a certificate is a generated LE certificate.

            To generate a LE certificate via the API you must do site/update (or site/create) with the generate_le parameter set to true. You cannot generate an LE certificate on its own without a site.

                sean Ach, my apologies, that's what I get for typing from memory instead of copy/pasting. I did mean is_opalstack_letsencrypt.

                I guess I'm confused as to why this parameter is documented as being something you can add to what you send to the API, when it only seems to make sense coming out of the API.

                • sean replied to this.

                    will_in_wi That does seem a bit off to me too, I'll ask the devs about it and will let you know what I find out.

                      will_in_wi it's an artifact of a previous version of the API that allowed a challenge token to be served without having LE enabled on the site itself.

                      The API no longer operates that way, so the input is basically cruft now. We'll either remove it or to find a new purpose for it.

                        Mastodon