Overview
Simple SSL Certificate Manager is a streamlined API for automating SSL/TLS certificate lifecycle management. Built for security professionals and DevOps teams, it enables DNS-based domain validation, certificate generation via industry-standard protocols, and secure certificate delivery. The platform handles the complexity of certificate provisioning, allowing you to focus on securing your infrastructure.
This tool is ideal for organizations managing multiple domains, implementing Infrastructure-as-Code practices, or automating certificate renewals across distributed systems. With support for staging environments and flexible email validation, it accommodates both development and production workflows.
The API follows a two-step workflow: first generate DNS challenge records for domain ownership verification, then request certificate generation after DNS records are confirmed in place. Built-in debugging capabilities help troubleshoot DNS configuration issues.
Usage
DNS Challenge Generation
First, generate DNS challenge data for domain validation:
CODEBLOCK0
Sample Response:
CODEBLOCK1
Certificate Generation
After DNS records are in place, request certificate generation:
CODEBLOCK2
Sample Response:
CODEBLOCK3
Debug DNS Configuration
Verify DNS setup before certificate generation:
CODEBLOCK4
Sample Response:
CODEBLOCK5
Endpoints
GET /
Summary: Root
Description: API information and status endpoint.
Parameters: None
Response: Empty JSON object confirming API availability.
GET /health
Summary: Health Check
Description: Verify API service health and readiness.
Parameters: None
Response: Health status confirmation.
POST /dns-challenge
Summary: Create DNS Challenge
Description: Generate DNS challenge data for manual domain ownership verification.
Parameters:
- -
domain (string, required): The domain name to validate (e.g., example.com) - INLINECODE2� (string, email format, required): Contact email for certificate issuance
Response Shape:
{
"domain": string,
"challenge_token": string,
"dns_record_type": string,
"dns_record_name": string,
"dns_record_value": string,
"challenge_expires_at": string (ISO 8601 datetime)
}
POST /generate-certificate
Summary: Generate Certificate
Description: Generate SSL certificate after DNS verification is confirmed.
Parameters:
- -
domain (string, required): The domain name for certificate issuance - INLINECODE4� (string, email format, required): Contact email for the certificate
- INLINECODE5� (boolean, optional, default: false): Set to
true after DNS records are verified - INLINECODE7� (boolean, optional, default: false): Use staging certificates for testing
Response Shape:
{
"certificate_id": string,
"domain": string,
"status": string,
"issued_at": string (ISO 8601 datetime),
"expires_at": string (ISO 8601 datetime),
"certificate_name": string,
"download_url": string
}
GET /download/{cert_name}/{filename}
Summary: Download Certificate
Description: Download generated certificate files (PEM, key, chain).
Parameters:
- -
cert_name (string, required): Certificate identifier (from generation response) - INLINECODE9� (string, required): File to download (
certificate.pem, private.key, or chain.pem)
Response: Binary certificate file content or JSON error.
GET /debug/{domain}
Summary: Debug Domain
Description: Inspect DNS configuration and validation status for a domain.
Parameters:
- -
domain (string, required): Domain name to debug (e.g., example.com)
Response Shape:
�CODEBLOCK8
Pricing
| Plan | Calls/Day | Calls/Month | Price |
|---|
| Free | 5 | 50 | Free |
| Developer |
20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
About
ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
References
- - Kong Route: https://api.mkkpro.com/security/ssl-certificate-manager
- API Docs: https://api.mkkpro.com:8044/docs
概述
Simple SSL Certificate Manager 是一款精简的API,用于自动化SSL/TLS证书生命周期管理。专为安全专业人员和DevOps团队打造,支持基于DNS的域名验证、通过行业标准协议生成证书以及安全交付证书。该平台处理证书配置的复杂性,让您能够专注于保护基础设施安全。
该工具非常适合管理多个域名、实施基础设施即代码实践或在分布式系统中自动续期证书的组织。支持预发布环境和灵活的电子邮件验证,可同时满足开发和生产工作流程。
API遵循两步工作流程:首先生成DNS挑战记录用于域名所有权验证,然后在确认DNS记录生效后请求生成证书。内置调试功能可帮助排查DNS配置问题。
使用方法
DNS挑战生成
首先,生成用于域名验证的DNS挑战数据:
json
POST /dns-challenge
Content-Type: application/json
{
domain: example.com,
email: admin@example.com
}
示例响应:
json
{
domain: example.com,
challenge_token: abc123xyz789,
dnsrecordtype: TXT,
dnsrecordname: _acme-challenge.example.com,
dnsrecordvalue: abc123xyz789validationstring,
challengeexpiresat: 2025-01-15T14:30:00Z
}
证书生成
DNS记录生效后,请求生成证书:
json
POST /generate-certificate
Content-Type: application/json
{
domain: example.com,
email: admin@example.com,
confirmed: true,
staging: false
}
示例响应:
json
{
certificateid: cert67890abcde,
domain: example.com,
status: issued,
issued_at: 2025-01-15T14:35:00Z,
expires_at: 2026-01-15T14:35:00Z,
certificatename: examplecom_2025,
downloadurl: /download/examplecom_2025/certificate.pem
}
调试DNS配置
在生成证书前验证DNS设置:
GET /debug/example.com
示例响应:
json
{
domain: example.com,
dns_records: [
{
name: _acme-challenge.example.com,
type: TXT,
value: abc123xyz789validationstring,
status: verified,
ttl: 300
}
],
validation_status: success,
checked_at: 2025-01-15T14:33:00Z
}
端点
GET /
摘要: 根路径
描述: API信息和状态端点。
参数: 无
响应: 确认API可用性的空JSON对象。
GET /health
摘要: 健康检查
描述: 验证API服务健康状态和就绪情况。
参数: 无
响应: 健康状态确认。
POST /dns-challenge
摘要: 创建DNS挑战
描述: 生成用于手动域名所有权验证的DNS挑战数据。
参数:
- - domain(字符串,必填):要验证的域名(例如 example.com)
- email(字符串,电子邮件格式,必填):用于证书签发的联系邮箱
响应结构:
{
domain: 字符串,
challenge_token: 字符串,
dnsrecordtype: 字符串,
dnsrecordname: 字符串,
dnsrecordvalue: 字符串,
challengeexpiresat: 字符串(ISO 8601 日期时间)
}
POST /generate-certificate
摘要: 生成证书
描述: DNS验证确认后生成SSL证书。
参数:
- - domain(字符串,必填):用于签发证书的域名
- email(字符串,电子邮件格式,必填):证书的联系邮箱
- confirmed(布尔值,可选,默认值:false):DNS记录验证后设置为 true
- staging(布尔值,可选,默认值:false):使用预发布证书进行测试
响应结构:
{
certificate_id: 字符串,
domain: 字符串,
status: 字符串,
issued_at: 字符串(ISO 8601 日期时间),
expires_at: 字符串(ISO 8601 日期时间),
certificate_name: 字符串,
download_url: 字符串
}
GET /download/{cert_name}/{filename}
摘要: 下载证书
描述: 下载生成的证书文件(PEM、密钥、链)。
参数:
- - cert_name(字符串,必填):证书标识符(来自生成响应)
- filename(字符串,必填):要下载的文件(certificate.pem、private.key 或 chain.pem)
响应: 二进制证书文件内容或JSON错误。
GET /debug/{domain}
摘要: 调试域名
描述: 检查域名的DNS配置和验证状态。
参数:
- - domain(字符串,必填):要调试的域名(例如 example.com)
响应结构:
{
domain: 字符串,
dns_records: [
{
name: 字符串,
type: 字符串,
value: 字符串,
status: 字符串,
ttl: 整数
}
],
validation_status: 字符串,
checked_at: 字符串(ISO 8601 日期时间)
}
定价
| 套餐 | 每日调用次数 | 每月调用次数 | 价格 |
|---|
| 免费版 | 5 | 50 | 免费 |
| 开发者版 |
20 | 500 | $39/月 |
| 专业版 | 200 | 5,000 | $99/月 |
| 企业版 | 100,000 | 1,000,000 | $299/月 |
关于
ToolWeb.in - 200+安全API,CISSP和CISM认证,平台:按次付费、API网关、MCP服务器、OpenClaw、RapidAPI、YouTube。
参考
- - Kong路由: https://api.mkkpro.com/security/ssl-certificate-manager
- API文档: https://api.mkkpro.com:8044/docs
