CertCore

Documentation

CertCore operating manual

CertCore manages SSL certificate operations around domains, verification challenges, certificate issuance, encrypted key storage, downloads, billing limits, API tokens, and audit activity. This page covers the main workflows an operator or developer needs to run the platform correctly.

HTTP-01

standard SSL

DNS-01

wildcard SSL

30/14/7

renewal alerts

Model

Core concepts

Domain

A hostname owned by a user. Domains hold verification records and issued certificates.

Verification

A challenge record proving control of the domain. HTTP-01 is used for normal certificates; DNS-01 is used for wildcard certificates.

Certificate

The issued SSL material: certificate, private key, chain, fullchain, metadata, status, and expiry date.

Plan

A billing tier that controls domain limits and available account capacity. Admins can adjust plans from the admin area.

Standard SSL

Add, verify, and issue a certificate

1

Add the domain

Open Domains, choose Add Domain, and enter the root or subdomain exactly as it should appear on the certificate.

2

Publish the HTTP-01 challenge

CertCore generates a token path and expected content. Place that exact content at the exact path under the domain.

3

Verify ownership

Run Verify from the domain page. CertCore requests the public challenge URL and marks the domain verified when the content matches.

4

Issue the certificate

Generate the certificate after verification. Use staging mode first when testing DNS, routing, or web server changes.

5

Install and monitor

Download the archive, install the files on your server, and use Activity plus expiry status to track renewals.

https://example.com/.well-known/acme-challenge/<token>
Content must equal the exact challenge value shown by CertCore.

Wildcard SSL

Generate wildcard certificates with DNS-01

Wildcard certificates require DNS verification because HTTP-01 cannot prove control of every subdomain. CertCore creates a TXT record for the domain and verifies it before issuing *.example.com.

Field Value Notes
Record type TXT Required by ACME DNS-01.
Record name _acme-challenge.example.com Use the exact name shown on the domain page.
Record value generated-token-value Do not add spaces, quotes, or extra punctuation unless your DNS provider requires quotes.

Outputs

Certificate files

certificate.crt

The leaf certificate for the selected domain.

private.key

The private key. CertCore stores it encrypted and exposes it only through owner-scoped downloads.

ca_bundle.crt

Intermediate chain used by servers that require a separate CA bundle field.

fullchain.pem

Leaf certificate plus intermediates. Preferred for Nginx and many modern reverse proxies.

Accounts

Billing and domain limits

Billing controls how many domains an account can manage. The public pricing section and Billing page use the same plan records, so plan names, KES pricing, feature lists, and domain limits remain aligned.

Plan limit reached

Upgrade from Billing or ask an admin to adjust the plan limit.

Payment status

Recent secure payment attempts appear in Billing with status and reference.

Subscription state

Admins can review and update subscription state from Admin.

Automation

API access

Create API tokens from the API Tokens page. Send the token as a bearer token when creating domains, triggering verification, issuing certificates, or deleting domains from automated workflows. 

curl -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/json" \
  https://ssl.codesmithsystems.com/api/domains
Open API reference

Administration

Admin controls

Users

Review accounts, update roles, and remove users when required.

Plans

Create, edit, disable, or delete billing plans and domain limits.

Domains

Inspect ownership and delete domains across the system.

Settings

Update operational settings without exposing secure secrets in normal frontend copy.

Debugging

Troubleshooting checklist

HTTP 404 during verification: the challenge file is missing, the path is wrong, or the domain is routed to a different server.

HTTP content mismatch: the file exists but does not contain the exact expected token value.

DNS verification fails: wait for TXT propagation, check the record name, and remove duplicate stale challenge values.

Certificate issue blocked: verify the domain first, use staging mode for tests, and check plan limits.

Download unavailable: confirm the certificate belongs to the logged-in user and has an issued status.