| domain | The (sub)domain you are requesting resources for. Wildcard domain is permitted. |
|---|---|
| secret | Secret to domain. Must match existing secret or can be anything if domain is new |
| type | What to retrieve. Either crt, key, pkcs12 or ocsp |
| addmaindomain | Optional. When requesting certificate for a subdomain subdomain.example.com, also include the parent domain example.com |
Returned data is in PEM format for crt and key, and binary for PKCS12 and OCSP
It is possible to ommit secret if instead using HTTP authentication. The user must have access to the domain in domain admin
| service | pki (fixed value) |
|---|---|
| pkitype | Only dkim supported at the moment |
| domain | The (sub)domain you are requesting resources for |
| secret | Secret to domain. Must match existing secret or can be anything if domain is new |
| prefix | Optional. Prefix DNS record with this value. Default is pki |
| maxage | Optional. Auto-expire PKI after this amount of seconds. Default is 30 days |