Regenerate ACME credentials
3 minute read
POST
https://www.digicert.com/partner-subscription/api/v1/acme/{{acme_contract_id}}/credentials/regenerate
Use this endpoint to generate new ACME External Account Binding (EAB) credentials for an existing ACME contract.
By default, this endpoint revokes all existing credentials before generating new ones. To keep existing credentials active while generating new credentials, set revoke_existing to false. This is useful for zero-downtime credential rotation.
- This endpoint requires a subaccount Partner Subscriptions API key. Parent account API keys are not accepted for ACME contract operations.
- Revoking ACME credentials does not cancel the ACME contract. The configuration for SANs, product, and billing does not change and remains active.
- Existing certificates issued with old credentials remain valid until their natural expiration.
Update your ACME client configuration with the new
eab_set values after regenerating credentials. If existing credentials are revoked, ACME clients using the old credentials can no longer issue certificates.Example requests and responses
curl -X POST \
https://www.digicert.com/partner-subscription/api/v1/acme/12345/credentials/regenerate \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-APIKEY: {{subaccount_partner_api_key}}' \
-d '{
"revoke_existing": true
}'curl -X POST \
https://www.digicert.com/partner-subscription/api/v1/acme/12345/credentials/regenerate \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-APIKEY: {{subaccount_partner_api_key}}' \
-d '{
"revoke_existing": false
}'import requests
url = "https://www.digicert.com/partner-subscription/api/v1/acme/12345/credentials/regenerate"
payload = "{\n \"revoke_existing\": true\n}"
headers = {
'X-PARTNER-APIKEY': "{{subaccount_partner_api_key}}",
'Content-Type': "application/json"
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://www.digicert.com/partner-subscription/api/v1/acme/12345/credentials/regenerate"
payload := strings.NewReader("{\n \"revoke_existing\": true\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("X-PARTNER-APIKEY", "{{subaccount_partner_api_key}}")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}var request = require("request");
var options = {
method: 'POST',
url: 'https://www.digicert.com/partner-subscription/api/v1/acme/12345/credentials/regenerate',
headers: {
'Content-Type': 'application/json',
'X-PARTNER-APIKEY': '{{subaccount_partner_api_key}}'
},
body: {
revoke_existing: true
},
json: true
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});201 Created
{
"acme_contract_id": 123,
"account_id": 42,
"directory_url": "https://acme.digicert.com/v2/acme/directory",
"eab_set": {
"kid": "new-eab-kid-value",
"hmac_key": "new-eab-hmac-key-value"
},
"valid_till": "2027-06-03 00:00:00"
}
URL path and query parameters
| Name | Req/Opt | Type | Description |
|---|---|---|---|
| acme_contract_id | required | integer | Unique identifier of the ACME contract. |
Request parameters
| Name | Req/Opt | Type | Default | Description |
|---|---|---|---|---|
| revoke_existing | optional | boolean | true | Specify whether to revoke existing ACME credentials before generating new credentials. When set to true, all existing credentials are revoked before new credentials are generated. When set to false, existing credentials remain active, enabling zero-downtime credential rotation. |
Response parameters
| Name | Type | Description |
|---|---|---|
| acme_contract_id | integer | Unique identifier of the ACME contract. |
| account_id | integer | Identifier of the account associated with the ACME contract. |
| directory_url | string | ACME directory URL for the ACME client configuration. |
| eab_set | object | External Account Binding credentials generated for the ACME contract. |
| .. kid | string | External Account Binding Key ID. |
| .. hmac_key | string | External Account Binding HMAC key. |
| valid_till | string | Contract expiration date. |
Was this page helpful?
Provide feedback