Skip to content

General guidance

There's many ACME clients you can use, the general process is described here. getlocalcert domains supports the ACME DNS-01 protocol for certificate issuance.

API keys

If you haven't already, setup an API key for your subdomain in the console. The getlocalcert API uses API keys that are locked to a single subdomain. You'll use your API key to update a DNS record as part of the certificate issuance process.

JSON credentials file

Several ACME clients support reading credentials from a JSON file. The standard format looks like:

  "username": "<yourApiKeyId>",
  "password": "<yourApiKeySecret>",
  "fulldomain": "<yourSubdomain>",
  "subdomain": "<yourSubdomain>",
  "server_url": "",
  "allowfrom": []

Protect this file as it contains a secret key.

allowfrom is part of the acme-dns service, but is not used by getlocalcert.

Setting TXT records

getlocalcert has a compatibility API for the acme-dns service's API for managing TXT records. Many ACME clients are compatible with the acme-dns API, and this is the recommended way to integrate with getlocalcert. See the sidebar for specific instructions for several tools.

You can also set the ACME DNS-01 challenge response record manually through the getlocalcert web console, although you'll have a much better experience using an existing automated client.