Certificate Issuance via HTTP Validation
The following steps describe how to issue a certificate using Certbot via the http-01 validation method.
Prerequisites
- GlobalSign API key and MAC key from the GlobalSign Atlas portal, used for EAB (External Account Binding) with your ACME client of choice
- Up-to-date version of Certbot
- GlobalSign ACME URL
Note: The MAC key is a shared secret between you and the GlobalSign ACME server, which permits you to bind your specific ACME account key to your Atlas account (and more precisely, to an API credential within your Atlas account).
Domain Validation and Certificate Issuance
The HTTP domain validation method (http-01) relies on the ACME client placing a random value at a specific location on the target website. Certbot does HTTP validation by default.
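The example below is added here to show what http-01 places under the webroot and what the CA expects to read back; it is not GlobalSign's or Certbot's own code. It follows RFC 8555 section 8.3 and RFC 7638, and the function names, sample key and sample token are constructed for illustration.

```python
import base64
import hashlib
import json
import re
import tempfile
from pathlib import Path

# RFC 8555 section 8.3: tokens use only the base64url alphabet, so a token
# can never contain "/" or ".." and escape the challenge directory.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")
# RFC 7638: members that go into the thumbprint, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical JSON (sorted keys, no whitespace) of the key."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """Body the CA expects back: '<token>.<account key thumbprint>'."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters outside base64url")
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def challenge_path(webroot: str, token: str) -> Path:
    """File served as http://<domain>/.well-known/acme-challenge/<token>."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters outside base64url")
    return Path(webroot) / ".well-known" / "acme-challenge" / token

def webroot_answers(webroot: str, token: str, account_jwk: dict) -> bool:
    """True when the file under the webroot holds exactly the expected value."""
    path = challenge_path(webroot, token)
    return path.is_file() and path.read_text().strip() == key_authorization(token, account_jwk)

if __name__ == "__main__":
    jwk = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus"}  # constructed sample key
    token = "constructed_token-123"                                # constructed sample token
    with tempfile.TemporaryDirectory() as root:                    # stands in for /var/www/html
        target = challenge_path(root, token)
        target.parent.mkdir(parents=True)
        target.write_text(key_authorization(token, jwk))
        print(target.relative_to(root), webroot_answers(root, token, jwk))
```

Because the response embeds the thumbprint of the ACME account key, a file copied from another account's validation attempt does not satisfy the check.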
Please use the following steps for domain validation and certificate issuance via Certbot:
- Check in a Linux environment that the Certbot client is installed by using: certbot --version
- If it’s not installed, install Certbot and check the version by using: sudo yum install certbot
- Check for the document root in your configuration file.
- Copy the document root path “/var/www/html”
- Use the following Certbot command to register your account and issue a certificate:
certbot certonly \
--webroot -w /var/www/html \
--server https://emea.acme.atlas.globalsign.com/directory \
--eab-kid YOUR_KEY_ID \
--eab-hmac-key YOUR_HMAC_KEY \
-d example.com \
-y --agree-tos \
--key-type rsa
Note: Your credentials are linked to either an RSA or ECC certificate product. If your credentials are for ECC certificates, you may delete the key-type flag as Certbot will use the ECC algorithm by default.
- If your Atlas account has already been registered to a Certbot client, then you can use the following command to request a certificate using the HTTP validation method:
certbot certonly \
--webroot -w /var/www/html \
--server https://emea.acme.atlas.globalsign.com/directory \
-d example.com \
--key-type rsa
- Once the certificate is issued, you will receive the location where the certificate is stored in your files. The private key is stored there as well, in case you need to configure the certificate for any service. For Apache or nginx implementations, the certificate may be automatically installed.
Renew Certificate
In most cases, Certbot pre-configures automatic renewal of certificates ordered through the above process. However, if you are unsure if automatic renewal is enabled for your order, please refer to the following documentation for steps on how to verify and implement automatic renewals: https://eff-certbot.readthedocs.io/en/stable/using.html#renewing-certificates
Note that certificates generated manually (using the --manual plugin) do not have automatic renewal configured; renewal for them must be set up manually by following the instructions in the above link.