Certificate Renew

The certificate_renew endpoint of the CA API allows you to request a new, signed certificate by presenting a certificate that was signed previously by the CA.

If the certificate-authority.allow-auto-renewal configuration is set to true, and the certificate presented is valid and was signed by the CA, a new signed certificate will be returned in PEM format that is valid for the period set in the certificate-authority.auto-renewal-cert-ttl configuration setting.

POST /puppet-ca/v1/certificate_renew
Content-Type: text/plain

Supported HTTP Methods

POST

Supported Response Formats

text/plain

The returned certificate is always in the PEM format.

Parameters

None

Responses

Certificate renewed

POST /puppet-ca/v1/certificate_renew

HTTP 200 OK
Content-Type: text/plain

-----BEGIN CERTIFICATE-----
MIIGKDCCBBCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBHMUUwQwYDVQQDDDxQdXBw
ZXQgRW50ZXJwcmlzZSBDQSBnZW5lcmF0ZWQgYXQgKzIwMjMtMDUtMzAgMjE6NTQ6
MTcgKzAwMDAwHhcNMjMwNTMwMjIzMDI0WhcNMjMwNzMwMjIzMDI0WjAtMSswKQYD
VQQDDCJncmV5LWNoaWxpLmRlbGl2ZXJ5LnB1cHBldGxhYnMubmV0MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqzhxTRwS2gqJqaX8sALVcrIGN2RFjdmx
Etb6gpV6+R1oQukk4PHrqMzwu96n/jlPdefc+YYiQEHRlZUDpqEFFLQibdBifD20
pOK3AvNFyczy13zxG3cvSNnARQI6skPWmwa+d0pKynB7KqKZANkbZf19cnUZ961p
iZhVQsiS6iFuZaagrQb3k5WCvblN6brbRva7l9ObLf0RP19FeYRbVFlPbLFeKpqQ
U7eXQYN07gQQEhMaR1wPb7HCQv6xa/ysDAGmlFVe763xDW3NR+Otnkf29zdny3QC
y2Vs/RIPHIwV6lxeoC/zNXBWxBRvChMMX5V9/+k27q7o2NPC/ruG/Lzb/pBJk/Qz
utlWWw3z2KpYkPzIUBuNGVuawX5KY8Stda4DUlGhap7v97uuzpsu6OksyfCvuVZK
ITVzmJqA27I2nIXvf2LK7lVB/JUSGYzKIgOV+G6eqzsjGoAhUryl/AWR3pujiFoK
hjYH0yF7LqadfEQP8nXR2NYlC+sN/8GqqBvjZyA8smpMYD2W3hyi4/waIv0RNwKL
ChCJN5nFKSveNR6yB24sS7p3xq1z+bBPQUY/soA+aAfveLzhCjj+UrllNa1TroBQ
otZRWpVLgAdeeQqYy2513T7Ka5Jpqvm3vYbhqb0DsdExTdKeHS3uC3CVd7jpEBT9
S0mRanOW4iMCAwEAAaOCATcwggEzMB0GA1UdDgQWBBRHEZkAXqy+GTWobU1bzAhS
Qyl8uTBRBgNVHSMESjBIgBTjeOnlr2CLbx5TI+LR+waDhMRhgaEtpCswKTEnMCUG
A1UEAwweUHVwcGV0IFJvb3QgQ0E6IGM1MjRiNGJiMTM2MWNkggECMDEGCWCGSAGG
+EIBDQQkFiJQdXBwZXQgU2VydmVyIEludGVybmFsIENlcnRpZmljYXRlMBUGCysG
AQQBgoxMAQMnBAYMBHRydWUwNQYDVR0RBC4wLIIiZ3JleS1jaGlsaS5kZWxpdmVy
eS5wdXBwZXRsYWJzLm5ldIIGcHVwcGV0MAwGA1UdEwEB/wQCMAAwIAYDVR0lAQH/
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDANBgkqhkiG
9w0BAQsFAAOCAgEAhojlY4jtOsbVw2vPBh+2nt9tzR4P+RoxkaEhjjjdfKOeNUVd
Nk8YkXpQ3J+ZFDNLiQUw8x8gwIY5QEOflrTRjwtsMJDc+ROUYvWIxx0P9d/Q8X1N
lIHNrksTiVYkmNHIbdAJ44zsIq0l/a498DIHUDW6LRpU2FHA++O/BL6wwjcnMLqN
R3YO1+GOktUNqpJq30b5ovIoTwXOmEZN+tZImzsp5XbAEwsMo1RKB5Y8SQOGJV+J
Au4rC/DVjpNeVoJ/ubcHfNRij+BXQBkc2kHzkvMOpy4m0tPna2XxZs9rBLeALWRI
QcL6nhSYJUBemrcbwZOGokf2G3SR5YkyGCJdC7Q8Eslc+HlMXthhOpupaDHfVZav
vNCf/LxwE9lOVr3JOFgcQ00bUwMJoEAhffH5cGrELre2BjoxbTPjEVEftKTRFAdt
VCw3NbQNmRsXsBjWhicrSzMjBZcQYRtThKTkQwKpYaOeNGbD4Qnn8dlf12TKKnH+
G44CxL2p3nazisOMgrLj4NNlPqVEDkCiUmu07TEL7WQNCyLRM3eF2SNAzf9o99ld
xo0rTRmXqKG4SYbcG8r8Eh4IkkKPcEjznInwqXpgh0pZv+rnbMKZhgeQ4qKrJ2Gh
51n6MCu+Ymbiu3aFfhWUOyNJ09EGh0XHdcsyUXkKf+QlMOOemNYk1U0Y4Rs=
-----END CERTIFICATE-----

Auto-renew not enabled

POST /puppet-ca/v1/certificate_renew

HTTP 404 Not Found
Content-Type: text/plain

Invalid certificate presented

POST /puppet-ca/v1/certificate_renew

HTTP 403 Forbidden
Content-Type: text/plain

No/malformed certificate presented

POST /puppet-ca/v1/certificate_renew

HTTP 400 Bad Request
Content-Type: text/plain