Skip to main content
Version: 0.16

AcmeProvider

Defines an ACME provider for automatic TLS certificate management.

This object can be configured from the WebUI under Settings › TLS › ACME Providers

Fields

challengeType

Type: AcmeChallengeType · default: "TlsAlpn01"

The ACME challenge type used to validate domain ownership

contact

Type: EmailAddress[] · min items: 1

Contact email address, which is used for important communications regarding your ACME account and certificates

directory

Type: Uri · read-only · default: "https://acme-v02.api.letsencrypt.org/directory"

The URL of the ACME directory endpoint

eabHmacKey

Type: String? · read-only · secret

The External Account Binding (EAB) HMAC key

eabKeyId

Type: String? · read-only

The External Account Binding (EAB) key ID

accountKey

Type: String · server-set · secret

The account key used to authenticate with the ACME provider.

accountUri

Type: Uri · server-set

The account URI returned by the ACME server after registration. Used for CAA record accounturi binding.

renewBefore

Type: AcmeRenewBefore · default: "R23"

How long before expiration the certificate should be renewed

maxRetries

Type: Integer · default: 10

Maximum number of retry attempts for failed challenges

memberTenantId

Type: Id<Tenant>? · enterprise

Identifier for the tenant this ACME provider belongs to

JMAP API

The AcmeProvider object is available via the urn:stalwart:jmap capability.

x:AcmeProvider/get

This is a standard Foo/get method as defined in RFC 8620, Section 5.1.

This method requires the sysAcmeProviderGet permission.

curl -X POST https://mail.example.com/api \
-H 'Authorization: Bearer $TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"methodCalls": [
[
"x:AcmeProvider/get",
{
"ids": [
"id1"
]
},
"c1"
]
],
"using": [
"urn:ietf:params:jmap:core",
"urn:stalwart:jmap"
]
}'

x:AcmeProvider/set

This is a standard Foo/set method as defined in RFC 8620, Section 5.3.

Supports create, update, and destroy operations in a single call.

Create

This operation requires the sysAcmeProviderCreate permission.

curl -X POST https://mail.example.com/api \
-H 'Authorization: Bearer $TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"methodCalls": [
[
"x:AcmeProvider/set",
{
"create": {
"new1": {
"challengeType": "TlsAlpn01",
"contact": [],
"maxRetries": 10,
"memberTenantId": "<Tenant id>",
"renewBefore": "R23"
}
}
},
"c1"
]
],
"using": [
"urn:ietf:params:jmap:core",
"urn:stalwart:jmap"
]
}'

Update

This operation requires the sysAcmeProviderUpdate permission.

curl -X POST https://mail.example.com/api \
-H 'Authorization: Bearer $TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"methodCalls": [
[
"x:AcmeProvider/set",
{
"update": {
"id1": {
"challengeType": "TlsAlpn01"
}
}
},
"c1"
]
],
"using": [
"urn:ietf:params:jmap:core",
"urn:stalwart:jmap"
]
}'

Destroy

This operation requires the sysAcmeProviderDestroy permission.

curl -X POST https://mail.example.com/api \
-H 'Authorization: Bearer $TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"methodCalls": [
[
"x:AcmeProvider/set",
{
"destroy": [
"id1"
]
},
"c1"
]
],
"using": [
"urn:ietf:params:jmap:core",
"urn:stalwart:jmap"
]
}'

x:AcmeProvider/query

This is a standard Foo/query method as defined in RFC 8620, Section 5.5.

This method requires the sysAcmeProviderQuery permission.

curl -X POST https://mail.example.com/api \
-H 'Authorization: Bearer $TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"methodCalls": [
[
"x:AcmeProvider/query",
{
"filter": {
"text": "example"
}
},
"c1"
]
],
"using": [
"urn:ietf:params:jmap:core",
"urn:stalwart:jmap"
]
}'

The x:AcmeProvider/query filter argument accepts the following conditions (combinable with AnyOf / AllOf / Not per RFC 8620):

ConditionKind
texttext
memberTenantIdid of Tenant

CLI

stalwart-cli wraps the same JMAP calls. See the CLI reference for installation, authentication, and general usage.

Fetch

stalwart-cli get acme-provider id1

Create

stalwart-cli create acme-provider \
--field challengeType=TlsAlpn01 \
--field 'contact=[]' \
--field renewBefore=R23 \
--field maxRetries=10 \
--field 'memberTenantId=<Tenant id>'

Query

stalwart-cli query acme-provider
stalwart-cli query acme-provider --where text=example

Update

stalwart-cli update acme-provider id1 --field description='Updated'

Delete

stalwart-cli delete acme-provider --ids id1

Enums

AcmeChallengeType

ValueLabel
TlsAlpn01TLS-ALPN-01
DnsPersist01DNS-PERSIST-01
Dns01DNS-01
Http01HTTP-01

AcmeRenewBefore

ValueLabel
R121/2 of the remaining time until expiration
R232/3 of the remaining time until expiration
R343/4 of the remaining time until expiration
R454/5 of the remaining time until expiration