API for end-to-end certificate testing (KeyChest)

Some of you may want to do end-to-end checks of correct deployments of new certificates. Here’s a way to do it with KeyChest (the API itself is at https://keychest.net/api).

If you decide to integrate it into a client, we’d be delighted to provide as much integration support as you can bear. :crazy_face:

RESTful API

We have put some effort into cleaning-up our API and its online documentation with “try it” button (the latter really hurt getting into Laravel … but it’s another story).

The KeyChest service will do regular audits (around 2x a day) of all API-registered domains. You can then use the API to access latest end-to-end audit results.

If you just want to use the API, there are 3 steps:

  1. get an API key (you need to provide an email address) - one-off
  2. use the API key to add your domain name - one-off for each domain
  3. check the domain name status (you can do that even without any API key)

TCP API

I had an idea of using KeyChest directly from Linux bash (i.e., for certbot hooks). You can find that in the 3rd tab of https://keychest.net/api . Here’s how it works …

TCP_DEV="/dev/tcp/keychest.net/10023"
exec 3<> "$TCP_DEV"
echo -ne "<API command>" >&3
RESPONSE=$(dd bs=1000 count=1 <&3 2>/dev/null)

The TCP API is least tested so if you want to play with it and it doesn’t work, do shout. We feed on coffee and try not to sleep too much.

1 Like