Automated TLS/X509-certificates -

Our certificate service provides

The certificates can be used on any server-service, and it is also natively implemented in all J-software with automatic renewal and monitoring.
The certificate service is included with JClouds domain product. Your domain must therefore be hosted by JCloud in order for this service to function.

Configuration - J-software

Put the following data in the configuration of the service

certificate_path <folder for local certificate storage>
certificate_domain <your domain>
certificate_domain <your second domain and so on>
certificate_secret <secret to your domain>

When this is installed, your domains will be automaticly generated, installed, renewed, OCSP stapled and monitored via our Loke monitoring service.
The first time the certificate is generated, the IP-address you are retrieving the certificate from must match with DNS. After this only the secret must match.
Please note that some services in addition also have their own configuration for bulk-automation of many certificates, like WebCDN.


All J-services use this API automaticly. Please see
To use the service you need authorization for the domain you are retrieving. This can either be the secret-parameter used in previous requests, or for new domains it must be one of the following:
  1. Domain must resolve to the IP-address you are sending the request from. For wildcard *, will be resolved.
  2. You must use HTTP basic/digest authentication, and the user must have access to the domain on domainadmin.

Wildcard certificate

Wildcard certificate is possible as long as you have the proper authorization. Use * as domain

Certificate expiricy

We use Letsencrypt and Buypass. These certificates may last from 90-180 days and will be renewed from after 60 days. Your service should therefore try to retrieve a certificate every second day.


If you have 10 webservers in a cluster you can put the certificate URL on all 10 servers.