{ "name": "acme", "displayName": "ACME", "description": "A Pulumi package for creating and managing ACME cloud resources.", "keywords": [ "pulumi", "acme", "category/cloud" ], "homepage": "https://www.pulumi.com", "license": "Apache-2.0", "attribution": "This Pulumi package is based on the [`acme` Terraform Provider](https://github.com/vancluever/terraform-provider-acme).", "repository": "https://github.com/pulumiverse/pulumi-acme", "pluginDownloadURL": "github://api.github.com/pulumiverse/pulumi-acme", "publisher": "Pulumiverse", "meta": { "moduleFormat": "(.*)(?:/[^/]*)" }, "language": { "csharp": { "packageReferences": { "Pulumi": "3.*" }, "compatibility": "tfbridge20", "rootNamespace": "Pulumiverse", "respectSchemaVersion": true }, "go": { "importBasePath": "github.com/pulumiverse/pulumi-acme/sdk/go/acme", "generateResourceContainerTypes": true, "generateExtraInputTypes": true, "respectSchemaVersion": true }, "nodejs": { "packageName": "@pulumiverse/acme", "packageDescription": "A Pulumi package for creating and managing ACME cloud resources.", "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/vancluever/terraform-provider-acme)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-acme` repo](https://github.com/pulumiverse/pulumi-acme/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-acme` repo](https://github.com/vancluever/terraform-provider-acme/issues).", "dependencies": { "@pulumi/pulumi": "^3.0.0" }, "devDependencies": { "@types/mime": "^2.0.0", "@types/node": "^10.0.0" }, "compatibility": "tfbridge20", "disableUnionOutputTypes": true, "respectSchemaVersion": true }, "python": { "packageName": "pulumiverse_acme", "requires": { "pulumi": "\u003e=3.0.0,\u003c4.0.0" }, "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/vancluever/terraform-provider-acme)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-acme` repo](https://github.com/pulumiverse/pulumi-acme/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-acme` repo](https://github.com/vancluever/terraform-provider-acme/issues).", "compatibility": "tfbridge20", "respectSchemaVersion": true, "pyproject": { "enabled": true } } }, "config": { "variables": { "serverUrl": { "type": "string" } }, "defaults": [ "serverUrl" ] }, "types": { "acme:index/CertificateDnsChallenge:CertificateDnsChallenge": { "properties": { "config": { "type": "object", "additionalProperties": { "type": "string" }, "secret": true }, "provider": { "type": "string" } }, "type": "object", "required": [ "provider" ] }, "acme:index/CertificateHttpChallenge:CertificateHttpChallenge": { "properties": { "port": { "type": "integer", "description": "The port that the challenge server listens on. Default: \u003cspan pulumi-lang-nodejs=\"`80`\" pulumi-lang-dotnet=\"`80`\" pulumi-lang-go=\"`80`\" pulumi-lang-python=\"`80`\" pulumi-lang-yaml=\"`80`\" pulumi-lang-java=\"`80`\"\u003e`80`\u003c/span\u003e.\n" }, "proxyHeader": { "type": "string", "description": "The proxy header to match against. Default:\n`Host`.\n\nThe \u003cspan pulumi-lang-nodejs=\"`proxyHeader`\" pulumi-lang-dotnet=\"`ProxyHeader`\" pulumi-lang-go=\"`proxyHeader`\" pulumi-lang-python=\"`proxy_header`\" pulumi-lang-yaml=\"`proxyHeader`\" pulumi-lang-java=\"`proxyHeader`\"\u003e`proxyHeader`\u003c/span\u003e option behaves differently depending on its definition:\n\n* When set to `Host`, standard host header validation is used.\n* When set to `Forwarded`, the server looks in the `Forwarded` header for a\nsection matching `host=DOMAIN` where `DOMAIN` is the domain currently being\nresolved by the challenge. See [RFC 7239](https://tools.ietf.org/html/rfc7239)\nfor more details.\n* When set to an arbitrary header (example: `X-Forwarded-Host`), that header is\nchecked for the host entry in the same way the host header would normally be\nchecked.\n" } }, "type": "object" }, "acme:index/CertificateHttpMemcachedChallenge:CertificateHttpMemcachedChallenge": { "properties": { "hosts": { "type": "array", "items": { "type": "string" } } }, "type": "object", "required": [ "hosts" ] }, "acme:index/CertificateHttpS3Challenge:CertificateHttpS3Challenge": { "properties": { "s3Bucket": { "type": "string", "description": "The\u003cspan pulumi-lang-nodejs=\" s3Bucket \" pulumi-lang-dotnet=\" S3Bucket \" pulumi-lang-go=\" s3Bucket \" pulumi-lang-python=\" s3_bucket \" pulumi-lang-yaml=\" s3Bucket \" pulumi-lang-java=\" s3Bucket \"\u003e s3Bucket \u003c/span\u003eto publish the record to.\n" } }, "type": "object", "required": [ "s3Bucket" ] }, "acme:index/CertificateHttpWebrootChallenge:CertificateHttpWebrootChallenge": { "properties": { "directory": { "type": "string", "description": "The directory to publish the record to.\n" } }, "type": "object", "required": [ "directory" ] }, "acme:index/CertificateTlsChallenge:CertificateTlsChallenge": { "properties": { "port": { "type": "integer", "description": "The port that the challenge server listens on. Default: \u003cspan pulumi-lang-nodejs=\"`443`\" pulumi-lang-dotnet=\"`443`\" pulumi-lang-go=\"`443`\" pulumi-lang-python=\"`443`\" pulumi-lang-yaml=\"`443`\" pulumi-lang-java=\"`443`\"\u003e`443`\u003c/span\u003e.\n" } }, "type": "object" }, "acme:index/RegistrationExternalAccountBinding:RegistrationExternalAccountBinding": { "properties": { "hmacBase64": { "type": "string", "secret": true, "willReplaceOnChanges": true }, "keyId": { "type": "string", "secret": true, "willReplaceOnChanges": true } }, "type": "object", "required": [ "hmacBase64", "keyId" ] } }, "provider": { "description": "The provider type for the acme package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", "properties": { "serverUrl": { "type": "string" } }, "inputProperties": { "serverUrl": { "type": "string" } }, "methods": { "terraformConfig": "pulumi:providers:acme/terraformConfig" } }, "resources": { "acme:index/certificate:Certificate": { "description": "## #\u003cspan pulumi-lang-nodejs=\" acme.Certificate\n\" pulumi-lang-dotnet=\" acme.Certificate\n\" pulumi-lang-go=\" Certificate\n\" pulumi-lang-python=\" Certificate\n\" pulumi-lang-yaml=\" acme.Certificate\n\" pulumi-lang-java=\" acme.Certificate\n\"\u003e acme.Certificate\n\u003c/span\u003e\nThe \u003cspan pulumi-lang-nodejs=\"`acme.Certificate`\" pulumi-lang-dotnet=\"`acme.Certificate`\" pulumi-lang-go=\"`Certificate`\" pulumi-lang-python=\"`Certificate`\" pulumi-lang-yaml=\"`acme.Certificate`\" pulumi-lang-java=\"`acme.Certificate`\"\u003e`acme.Certificate`\u003c/span\u003e resource can be used to create and manage an ACME TLS\ncertificate.\n\n## Example\n\nThe below example creates both an account and certificate within the same\nconfiguration. The account is created using the\n[\u003cspan pulumi-lang-nodejs=\"`acme.Registration`\" pulumi-lang-dotnet=\"`acme.Registration`\" pulumi-lang-go=\"`Registration`\" pulumi-lang-python=\"`Registration`\" pulumi-lang-yaml=\"`acme.Registration`\" pulumi-lang-java=\"`acme.Registration`\"\u003e`acme.Registration`\u003c/span\u003e][resource-registration] resource.\n\n\u003e When creating accounts and certificates within the same configuration, ensure\nthat you reference the\n[\u003cspan pulumi-lang-nodejs=\"`accountKeyPem`\" pulumi-lang-dotnet=\"`AccountKeyPem`\" pulumi-lang-go=\"`accountKeyPem`\" pulumi-lang-python=\"`account_key_pem`\" pulumi-lang-yaml=\"`accountKeyPem`\" pulumi-lang-java=\"`accountKeyPem`\"\u003e`accountKeyPem`\u003c/span\u003e][resource-registration-account-key-pem] argument in the\n\u003cspan pulumi-lang-nodejs=\"`acme.Registration`\" pulumi-lang-dotnet=\"`acme.Registration`\" pulumi-lang-go=\"`Registration`\" pulumi-lang-python=\"`Registration`\" pulumi-lang-yaml=\"`acme.Registration`\" pulumi-lang-java=\"`acme.Registration`\"\u003e`acme.Registration`\u003c/span\u003e resource as the corresponding\n\u003cspan pulumi-lang-nodejs=\"`accountKeyPem`\" pulumi-lang-dotnet=\"`AccountKeyPem`\" pulumi-lang-go=\"`accountKeyPem`\" pulumi-lang-python=\"`account_key_pem`\" pulumi-lang-yaml=\"`accountKeyPem`\" pulumi-lang-java=\"`accountKeyPem`\"\u003e`accountKeyPem`\u003c/span\u003e argument in the \u003cspan pulumi-lang-nodejs=\"`acme.Certificate`\" pulumi-lang-dotnet=\"`acme.Certificate`\" pulumi-lang-go=\"`Certificate`\" pulumi-lang-python=\"`Certificate`\" pulumi-lang-yaml=\"`acme.Certificate`\" pulumi-lang-java=\"`acme.Certificate`\"\u003e`acme.Certificate`\u003c/span\u003e\nresource. This will ensure that the account gets created before the certificate\nand avoid errors.\n\n[resource-registration]: ./registration.md\n[resource-registration-account-key-pem]: ./registration.md#account_key_pem\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as acme from \"@pulumiverse/acme\";\n\nconst reg = new acme.Registration(\"reg\", {emailAddress: \"nobody@example.com\"});\nconst certificate = new acme.Certificate(\"certificate\", {\n accountKeyPem: reg.accountKeyPem,\n commonName: \"www.example.com\",\n subjectAlternativeNames: [\"www2.example.com\"],\n dnsChallenges: [{\n provider: \"route53\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_acme as acme\n\nreg = acme.Registration(\"reg\", email_address=\"nobody@example.com\")\ncertificate = acme.Certificate(\"certificate\",\n account_key_pem=reg.account_key_pem,\n common_name=\"www.example.com\",\n subject_alternative_names=[\"www2.example.com\"],\n dns_challenges=[{\n \"provider\": \"route53\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Acme = Pulumiverse.Acme;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var reg = new Acme.Registration(\"reg\", new()\n {\n EmailAddress = \"nobody@example.com\",\n });\n\n var certificate = new Acme.Certificate(\"certificate\", new()\n {\n AccountKeyPem = reg.AccountKeyPem,\n CommonName = \"www.example.com\",\n SubjectAlternativeNames = new[]\n {\n \"www2.example.com\",\n },\n DnsChallenges = new[]\n {\n new Acme.Inputs.CertificateDnsChallengeArgs\n {\n Provider = \"route53\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-acme/sdk/go/acme\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treg, err := acme.NewRegistration(ctx, \"reg\", \u0026acme.RegistrationArgs{\n\t\t\tEmailAddress: pulumi.String(\"nobody@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acme.NewCertificate(ctx, \"certificate\", \u0026acme.CertificateArgs{\n\t\t\tAccountKeyPem: reg.AccountKeyPem,\n\t\t\tCommonName: pulumi.String(\"www.example.com\"),\n\t\t\tSubjectAlternativeNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"www2.example.com\"),\n\t\t\t},\n\t\t\tDnsChallenges: acme.CertificateDnsChallengeArray{\n\t\t\t\t\u0026acme.CertificateDnsChallengeArgs{\n\t\t\t\t\tProvider: pulumi.String(\"route53\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.acme.Registration;\nimport com.pulumi.acme.RegistrationArgs;\nimport com.pulumi.acme.Certificate;\nimport com.pulumi.acme.CertificateArgs;\nimport com.pulumi.acme.inputs.CertificateDnsChallengeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var reg = new Registration(\"reg\", RegistrationArgs.builder()\n .emailAddress(\"nobody@example.com\")\n .build());\n\n var certificate = new Certificate(\"certificate\", CertificateArgs.builder()\n .accountKeyPem(reg.accountKeyPem())\n .commonName(\"www.example.com\")\n .subjectAlternativeNames(\"www2.example.com\")\n .dnsChallenges(CertificateDnsChallengeArgs.builder()\n .provider(\"route53\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reg:\n type: acme:Registration\n properties:\n emailAddress: nobody@example.com\n certificate:\n type: acme:Certificate\n properties:\n accountKeyPem: ${reg.accountKeyPem}\n commonName: www.example.com\n subjectAlternativeNames:\n - www2.example.com\n dnsChallenges:\n - provider: route53\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using an external CSR\n\nThe \u003cspan pulumi-lang-nodejs=\"`acme.Certificate`\" pulumi-lang-dotnet=\"`acme.Certificate`\" pulumi-lang-go=\"`Certificate`\" pulumi-lang-python=\"`Certificate`\" pulumi-lang-yaml=\"`acme.Certificate`\" pulumi-lang-java=\"`acme.Certificate`\"\u003e`acme.Certificate`\u003c/span\u003e resource can also take an external CSR. In this example,\nwe create one using [\u003cspan pulumi-lang-nodejs=\"`tlsCertRequest`\" pulumi-lang-dotnet=\"`TlsCertRequest`\" pulumi-lang-go=\"`tlsCertRequest`\" pulumi-lang-python=\"`tls_cert_request`\" pulumi-lang-yaml=\"`tlsCertRequest`\" pulumi-lang-java=\"`tlsCertRequest`\"\u003e`tlsCertRequest`\u003c/span\u003e][tls-cert-request] first, before\nsupplying it to the \u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e\nargument.\n\n[tls-cert-request]: https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request\n\n\u003e **NOTE:** Some current ACME CA implementations (including Let's Encrypt)\nstrip most of the organization information out of a certificate request\nsubject. You may wish to confirm with the CA what behavior to expect when\nusing the \u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e argument with this resource.\n\n\u003e **NOTE:** It is not a good practice to use the same private key for both\nyour account and your certificate. Make sure you use different keys.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as acme from \"@pulumiverse/acme\";\nimport * as tls from \"@pulumi/tls\";\n\nconst reg = new acme.Registration(\"reg\", {emailAddress: \"nobody@example.com\"});\nconst certPrivateKey = new tls.index.PrivateKey(\"cert_private_key\", {algorithm: \"RSA\"});\nconst req = new tls.index.CertRequest(\"req\", {\n keyAlgorithm: \"RSA\",\n privateKeyPem: certPrivateKey.privateKeyPem,\n dnsNames: [\n \"www.example.com\",\n \"www2.example.com\",\n ],\n subject: [{\n commonName: \"www.example.com\",\n }],\n});\nconst certificate = new acme.Certificate(\"certificate\", {\n accountKeyPem: reg.accountKeyPem,\n certificateRequestPem: req.certRequestPem,\n dnsChallenges: [{\n provider: \"route53\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_tls as tls\nimport pulumiverse_acme as acme\n\nreg = acme.Registration(\"reg\", email_address=\"nobody@example.com\")\ncert_private_key = tls.index.PrivateKey(\"cert_private_key\", algorithm=RSA)\nreq = tls.index.CertRequest(\"req\",\n key_algorithm=RSA,\n private_key_pem=cert_private_key.private_key_pem,\n dns_names=[\n www.example.com,\n www2.example.com,\n ],\n subject=[{\n commonName: www.example.com,\n }])\ncertificate = acme.Certificate(\"certificate\",\n account_key_pem=reg.account_key_pem,\n certificate_request_pem=req[\"certRequestPem\"],\n dns_challenges=[{\n \"provider\": \"route53\",\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Acme = Pulumiverse.Acme;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var reg = new Acme.Registration(\"reg\", new()\n {\n EmailAddress = \"nobody@example.com\",\n });\n\n var certPrivateKey = new Tls.Index.PrivateKey(\"cert_private_key\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var req = new Tls.Index.CertRequest(\"req\", new()\n {\n KeyAlgorithm = \"RSA\",\n PrivateKeyPem = certPrivateKey.PrivateKeyPem,\n DnsNames = new[]\n {\n \"www.example.com\",\n \"www2.example.com\",\n },\n Subject = new[]\n {\n \n {\n { \"commonName\", \"www.example.com\" },\n },\n },\n });\n\n var certificate = new Acme.Certificate(\"certificate\", new()\n {\n AccountKeyPem = reg.AccountKeyPem,\n CertificateRequestPem = req.CertRequestPem,\n DnsChallenges = new[]\n {\n new Acme.Inputs.CertificateDnsChallengeArgs\n {\n Provider = \"route53\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-tls/sdk/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-acme/sdk/go/acme\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treg, err := acme.NewRegistration(ctx, \"reg\", \u0026acme.RegistrationArgs{\n\t\t\tEmailAddress: pulumi.String(\"nobody@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcertPrivateKey, err := tls.NewPrivateKey(ctx, \"cert_private_key\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: \"RSA\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treq, err := tls.NewCertRequest(ctx, \"req\", \u0026tls.CertRequestArgs{\n\t\t\tKeyAlgorithm: \"RSA\",\n\t\t\tPrivateKeyPem: certPrivateKey.PrivateKeyPem,\n\t\t\tDnsNames: []string{\n\t\t\t\t\"www.example.com\",\n\t\t\t\t\"www2.example.com\",\n\t\t\t},\n\t\t\tSubject: []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"commonName\": \"www.example.com\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acme.NewCertificate(ctx, \"certificate\", \u0026acme.CertificateArgs{\n\t\t\tAccountKeyPem: reg.AccountKeyPem,\n\t\t\tCertificateRequestPem: req.CertRequestPem,\n\t\t\tDnsChallenges: acme.CertificateDnsChallengeArray{\n\t\t\t\t\u0026acme.CertificateDnsChallengeArgs{\n\t\t\t\t\tProvider: pulumi.String(\"route53\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.acme.Registration;\nimport com.pulumi.acme.RegistrationArgs;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.CertRequest;\nimport com.pulumi.tls.CertRequestArgs;\nimport com.pulumi.acme.Certificate;\nimport com.pulumi.acme.CertificateArgs;\nimport com.pulumi.acme.inputs.CertificateDnsChallengeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var reg = new Registration(\"reg\", RegistrationArgs.builder()\n .emailAddress(\"nobody@example.com\")\n .build());\n\n var certPrivateKey = new PrivateKey(\"certPrivateKey\", PrivateKeyArgs.builder()\n .algorithm(\"RSA\")\n .build());\n\n var req = new CertRequest(\"req\", CertRequestArgs.builder()\n .keyAlgorithm(\"RSA\")\n .privateKeyPem(certPrivateKey.privateKeyPem())\n .dnsNames(List.of( \n \"www.example.com\",\n \"www2.example.com\"))\n .subject(List.of(Map.of(\"commonName\", \"www.example.com\")))\n .build());\n\n var certificate = new Certificate(\"certificate\", CertificateArgs.builder()\n .accountKeyPem(reg.accountKeyPem())\n .certificateRequestPem(req.certRequestPem())\n .dnsChallenges(CertificateDnsChallengeArgs.builder()\n .provider(\"route53\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reg:\n type: acme:Registration\n properties:\n emailAddress: nobody@example.com\n certPrivateKey:\n type: tls:PrivateKey\n name: cert_private_key\n properties:\n algorithm: RSA\n req:\n type: tls:CertRequest\n properties:\n keyAlgorithm: RSA\n privateKeyPem: ${certPrivateKey.privateKeyPem}\n dnsNames:\n - www.example.com\n - www2.example.com\n subject:\n - commonName: www.example.com\n certificate:\n type: acme:Certificate\n properties:\n accountKeyPem: ${reg.accountKeyPem}\n certificateRequestPem: ${req.certRequestPem}\n dnsChallenges:\n - provider: route53\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Certificate renewal\n\nThe \u003cspan pulumi-lang-nodejs=\"`acme.Certificate`\" pulumi-lang-dotnet=\"`acme.Certificate`\" pulumi-lang-go=\"`Certificate`\" pulumi-lang-python=\"`Certificate`\" pulumi-lang-yaml=\"`acme.Certificate`\" pulumi-lang-java=\"`acme.Certificate`\"\u003e`acme.Certificate`\u003c/span\u003e resource handles automatic certificate renewal so long\nas a plan or apply is done within the number of days specified in the\n\u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e resource parameter. During refresh,\nif Terraform detects that the certificate is within the expiry range specified\nin \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e, or is already expired, Terraform will mark the\ncertificate to be renewed on the next apply.\n\nNote that a value less than \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e supplied to \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e will cause\nrenewal checks to be bypassed, and the certificate will never renew.\n\n### Dynamic renewal\n\nWhen working with short certificate lifetimes (possibly set using\n\u003cspan pulumi-lang-nodejs=\"`validityDays`\" pulumi-lang-dotnet=\"`ValidityDays`\" pulumi-lang-go=\"`validityDays`\" pulumi-lang-python=\"`validity_days`\" pulumi-lang-yaml=\"`validityDays`\" pulumi-lang-java=\"`validityDays`\"\u003e`validityDays`\u003c/span\u003e, or via short-lifetime ACME profiles), or\nutilizing ARI using \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e, you may find it\neasier to use \u003cspan pulumi-lang-nodejs=\"`minDaysDynamic`\" pulumi-lang-dotnet=\"`MinDaysDynamic`\" pulumi-lang-go=\"`minDaysDynamic`\" pulumi-lang-python=\"`min_days_dynamic`\" pulumi-lang-yaml=\"`minDaysDynamic`\" pulumi-lang-java=\"`minDaysDynamic`\"\u003e`minDaysDynamic`\u003c/span\u003e instead. When using this\nover \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e, the certificate renewal threshold is automatically\nset to 1/3 of its lifetime, or 1/2 if the lifetime is 10 days or less.\n", "properties": { "accountKeyPem": { "type": "string", "description": "The private key of the account that is\nrequesting the certificate. Forces a new resource when changed.\n", "secret": true }, "certTimeout": { "type": "integer", "description": "Controls the timeout in seconds for certificate requests\nthat are made after challenges are complete. Defaults to 30 seconds.\n\n\u003e As mentioned, \u003cspan pulumi-lang-nodejs=\"`certTimeout`\" pulumi-lang-dotnet=\"`CertTimeout`\" pulumi-lang-go=\"`certTimeout`\" pulumi-lang-python=\"`cert_timeout`\" pulumi-lang-yaml=\"`certTimeout`\" pulumi-lang-java=\"`certTimeout`\"\u003e`certTimeout`\u003c/span\u003e does nothing until all challenges are complete.\nIf you are looking to control timeouts related to a particular challenge (such\nas a DNS challenge), see that challenge provider's specific options.\n" }, "certificateDomain": { "type": "string", "description": "The common name of the certificate.\n" }, "certificateNotAfter": { "type": "string", "description": "The expiry date of the certificate, laid out in\nRFC3339 format (`2006-01-02T15:04:05Z07:00`).\n" }, "certificateNotBefore": { "type": "string" }, "certificateP12": { "type": "string", "description": "The certificate, any intermediates, and the private key\narchived as a PFX file (PKCS12 format, generally used by Microsoft products).\nThe data is base64 encoded (including padding), and its password is\nconfigurable via the \u003cspan pulumi-lang-nodejs=\"`certificateP12Password`\" pulumi-lang-dotnet=\"`CertificateP12Password`\" pulumi-lang-go=\"`certificateP12Password`\" pulumi-lang-python=\"`certificate_p12_password`\" pulumi-lang-yaml=\"`certificateP12Password`\" pulumi-lang-java=\"`certificateP12Password`\"\u003e`certificateP12Password`\u003c/span\u003e\nargument. This field is empty if creating a certificate from a CSR.\n", "secret": true }, "certificateP12Password": { "type": "string", "description": "Password to be used when generating\nthe PFX file stored in \u003cspan pulumi-lang-nodejs=\"`certificateP12`\" pulumi-lang-dotnet=\"`CertificateP12`\" pulumi-lang-go=\"`certificateP12`\" pulumi-lang-python=\"`certificate_p12`\" pulumi-lang-yaml=\"`certificateP12`\" pulumi-lang-java=\"`certificateP12`\"\u003e`certificateP12`\u003c/span\u003e. Defaults to an\nempty string.\n", "secret": true }, "certificatePem": { "type": "string", "description": "The certificate in PEM format. This does not include the\n\u003cspan pulumi-lang-nodejs=\"`issuerPem`\" pulumi-lang-dotnet=\"`IssuerPem`\" pulumi-lang-go=\"`issuerPem`\" pulumi-lang-python=\"`issuer_pem`\" pulumi-lang-yaml=\"`issuerPem`\" pulumi-lang-java=\"`issuerPem`\"\u003e`issuerPem`\u003c/span\u003e. This certificate can be concatenated with \u003cspan pulumi-lang-nodejs=\"`issuerPem`\" pulumi-lang-dotnet=\"`IssuerPem`\" pulumi-lang-go=\"`issuerPem`\" pulumi-lang-python=\"`issuer_pem`\" pulumi-lang-yaml=\"`issuerPem`\" pulumi-lang-java=\"`issuerPem`\"\u003e`issuerPem`\u003c/span\u003e to form\na full chain, e.g. `\"${acme_certificate.certificate.certificate_pem}${acme_certificate.certificate.issuer_pem}\"`\n" }, "certificateRequestPem": { "type": "string", "description": "A pre-created certificate request, such as one\nfrom [\u003cspan pulumi-lang-nodejs=\"`tlsCertRequest`\" pulumi-lang-dotnet=\"`TlsCertRequest`\" pulumi-lang-go=\"`tlsCertRequest`\" pulumi-lang-python=\"`tls_cert_request`\" pulumi-lang-yaml=\"`tlsCertRequest`\" pulumi-lang-java=\"`tlsCertRequest`\"\u003e`tlsCertRequest`\u003c/span\u003e][tls-cert-request], or one from an external source,\nin PEM format. Forces a new resource when changed.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e, or\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e must be specified. \u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e\nconflicts with \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e; You cannot have\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e defined at the same time as \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e or\n\u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e, and vice versa. Finally, \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e can be\nblank while \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e is defined, and vice versa; in this\ncase with the \u003cspan pulumi-lang-nodejs=\"`classic`\" pulumi-lang-dotnet=\"`Classic`\" pulumi-lang-go=\"`classic`\" pulumi-lang-python=\"`classic`\" pulumi-lang-yaml=\"`classic`\" pulumi-lang-java=\"`classic`\"\u003e`classic`\u003c/span\u003e Let's Encrypt profile, the first domain defined in\n\u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e becomes the common name.\n" }, "certificateSerial": { "type": "string", "description": "The serial number, in string format, as reported by\nthe CA.\n" }, "certificateUrl": { "type": "string", "description": "The full URL of the certificate within the ACME CA.\n" }, "commonName": { "type": "string", "description": "The certificate's common name, the primary domain that the\ncertificate will be recognized for. Forces a new resource when changed.\n" }, "deactivateAuthorizations": { "type": "boolean", "description": "Controls if authorizations are explicitly\ndeactivated after a certificate has been obtained, preventing their re-use.\nDefault: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n" }, "disableCompletePropagation": { "type": "boolean", "description": "Disable the requirement for full\npropagation of the TXT challenge records before proceeding with validation.\nDefaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n\n\u003e See About DNS propagation checks for details\non the \u003cspan pulumi-lang-nodejs=\"`recursiveNameservers`\" pulumi-lang-dotnet=\"`RecursiveNameservers`\" pulumi-lang-go=\"`recursiveNameservers`\" pulumi-lang-python=\"`recursive_nameservers`\" pulumi-lang-yaml=\"`recursiveNameservers`\" pulumi-lang-java=\"`recursiveNameservers`\"\u003e`recursiveNameservers`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`disableCompletePropagation`\" pulumi-lang-dotnet=\"`DisableCompletePropagation`\" pulumi-lang-go=\"`disableCompletePropagation`\" pulumi-lang-python=\"`disable_complete_propagation`\" pulumi-lang-yaml=\"`disableCompletePropagation`\" pulumi-lang-java=\"`disableCompletePropagation`\"\u003e`disableCompletePropagation`\u003c/span\u003e, and\n\u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e settings.\n" }, "dnsChallenges": { "type": "array", "items": { "$ref": "#/types/acme:index/CertificateDnsChallenge:CertificateDnsChallenge" }, "description": "The DNS challenges to\nuse in fulfilling the request.\n" }, "httpChallenge": { "$ref": "#/types/acme:index/CertificateHttpChallenge:CertificateHttpChallenge", "description": "Defines an HTTP challenge to use in fulfilling\nthe request.\n" }, "httpMemcachedChallenge": { "$ref": "#/types/acme:index/CertificateHttpMemcachedChallenge:CertificateHttpMemcachedChallenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to serve up challenges to a\n[Memcached](https://memcached.org/) cluster.\n" }, "httpS3Challenge": { "$ref": "#/types/acme:index/CertificateHttpS3Challenge:CertificateHttpS3Challenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to serve up challenges to a\n[S3](https://aws.amazon.com/s3/) bucket.\n" }, "httpWebrootChallenge": { "$ref": "#/types/acme:index/CertificateHttpWebrootChallenge:CertificateHttpWebrootChallenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to place a file at a location that can be served by\nan out-of-band webserver.\n" }, "issuerPem": { "type": "string", "description": "The intermediate certificates of the issuer. Multiple\ncertificates are concatenated in this field when there is more than one\nintermediate certificate in the chain.\n" }, "keyType": { "type": "string", "description": "The key type for the certificate's private key. Can be one of:\n`P256` and `P384` (for ECDSA keys of respective length) or \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`4096`\" pulumi-lang-dotnet=\"`4096`\" pulumi-lang-go=\"`4096`\" pulumi-lang-python=\"`4096`\" pulumi-lang-yaml=\"`4096`\" pulumi-lang-java=\"`4096`\"\u003e`4096`\u003c/span\u003e, and\n\u003cspan pulumi-lang-nodejs=\"`8192`\" pulumi-lang-dotnet=\"`8192`\" pulumi-lang-go=\"`8192`\" pulumi-lang-python=\"`8192`\" pulumi-lang-yaml=\"`8192`\" pulumi-lang-java=\"`8192`\"\u003e`8192`\u003c/span\u003e (for RSA keys of respective length). Required when not specifying a\nCSR. The default is \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e (RSA key of 2048 bits). Forces a new resource when\nchanged.\n" }, "minDaysDynamic": { "type": "boolean", "description": "Derive the renewal threshold from the\ncertificate lifetime instead of a static value. When set, the threshold is\nset to 1/3 of the certificate's lifetime, or 1/2 if the lifetime is 10 days\nor less. Default: `false.`\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`minDaysDynamic`\" pulumi-lang-dotnet=\"`MinDaysDynamic`\" pulumi-lang-go=\"`minDaysDynamic`\" pulumi-lang-python=\"`min_days_dynamic`\" pulumi-lang-yaml=\"`minDaysDynamic`\" pulumi-lang-java=\"`minDaysDynamic`\"\u003e`minDaysDynamic`\u003c/span\u003e conflicts with \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e - only one may be set\nat once.\n" }, "minDaysRemaining": { "type": "integer", "description": "The minimum amount of days remaining on the\nexpiration of a certificate before a renewal is attempted. The default is\n\u003cspan pulumi-lang-nodejs=\"`30`\" pulumi-lang-dotnet=\"`30`\" pulumi-lang-go=\"`30`\" pulumi-lang-python=\"`30`\" pulumi-lang-yaml=\"`30`\" pulumi-lang-java=\"`30`\"\u003e`30`\u003c/span\u003e. A value of less than \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e means that the certificate will never be\nrenewed.\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e must be lower than \u003cspan pulumi-lang-nodejs=\"`validityDays`\" pulumi-lang-dotnet=\"`ValidityDays`\" pulumi-lang-go=\"`validityDays`\" pulumi-lang-python=\"`validity_days`\" pulumi-lang-yaml=\"`validityDays`\" pulumi-lang-java=\"`validityDays`\"\u003e`validityDays`\u003c/span\u003e (if defined).\n" }, "mustStaple": { "type": "boolean", "description": "Enables the [OCSP Stapling Required][ocsp-stapling]\nTLS Security Policy extension. Certificates with this extension must include a\nvalid OCSP Staple in the TLS handshake for the connection to succeed.\nDefaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Note that this option has no effect when using an\nexternal CSR - it must be enabled in the CSR itself. Forces a new resource\nwhen changed.\n\n[ocsp-stapling]: https://letsencrypt.org/docs/integration-guide/#implement-ocsp-stapling\n\n\u003e OCSP stapling requires specific webserver configuration to support the\ndownloading of the staple from the CA's OCSP endpoints, and should be configured\nto tolerate prolonged outages of the OCSP service. Consider this when using\n\u003cspan pulumi-lang-nodejs=\"`mustStaple`\" pulumi-lang-dotnet=\"`MustStaple`\" pulumi-lang-go=\"`mustStaple`\" pulumi-lang-python=\"`must_staple`\" pulumi-lang-yaml=\"`mustStaple`\" pulumi-lang-java=\"`mustStaple`\"\u003e`mustStaple`\u003c/span\u003e, and only enable it if you are sure your webserver or service\nprovider can be configured correctly.\n" }, "preCheckDelay": { "type": "integer", "description": "Insert a delay after _every_ DNS challenge\nrecord to allow for extra time for DNS propagation before the certificate is\nrequested. Use this option if you observe issues with requesting certificates\neven when DNS challenge records get added successfully. Units are in seconds.\nDefaults to 0 (no delay).\n\n\u003e Be careful with \u003cspan pulumi-lang-nodejs=\"`preCheckDelay`\" pulumi-lang-dotnet=\"`PreCheckDelay`\" pulumi-lang-go=\"`preCheckDelay`\" pulumi-lang-python=\"`pre_check_delay`\" pulumi-lang-yaml=\"`preCheckDelay`\" pulumi-lang-java=\"`preCheckDelay`\"\u003e`preCheckDelay`\u003c/span\u003e since the delay is executed _per-domain_.\nTake your expected delay and divide it by the number of domains you have\nconfigured (\u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e + \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e).\n" }, "preferredChain": { "type": "string", "description": "The common name of the root of a preferred\nalternate certificate chain offered by the CA. The certificates in\n\u003cspan pulumi-lang-nodejs=\"`issuerPem`\" pulumi-lang-dotnet=\"`IssuerPem`\" pulumi-lang-go=\"`issuerPem`\" pulumi-lang-python=\"`issuer_pem`\" pulumi-lang-yaml=\"`issuerPem`\" pulumi-lang-java=\"`issuerPem`\"\u003e`issuerPem`\u003c/span\u003e will reflect the chain requested, if available, otherwise the\ndefault chain will be provided. Forces a new resource when changed.\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`preferredChain`\" pulumi-lang-dotnet=\"`PreferredChain`\" pulumi-lang-go=\"`preferredChain`\" pulumi-lang-python=\"`preferred_chain`\" pulumi-lang-yaml=\"`preferredChain`\" pulumi-lang-java=\"`preferredChain`\"\u003e`preferredChain`\u003c/span\u003e can be used to request alternate chains on Let's Encrypt\nduring the transition away from their old cross-signed intermediates. See [this\narticle for more\ndetails](https://letsencrypt.org/2020/12/21/extending-android-compatibility.html).\nIn their example titled **\"What about the alternate chain?\"**, the root you\nwould put in to the \u003cspan pulumi-lang-nodejs=\"`preferredChain`\" pulumi-lang-dotnet=\"`PreferredChain`\" pulumi-lang-go=\"`preferredChain`\" pulumi-lang-python=\"`preferred_chain`\" pulumi-lang-yaml=\"`preferredChain`\" pulumi-lang-java=\"`preferredChain`\"\u003e`preferredChain`\u003c/span\u003e field would be `ISRG Root X1`. The\nequivalent in the [staging\nenvironment](https://letsencrypt.org/docs/staging-environment/) is `(STAGING)\nPretend Pear X1`.\n" }, "privateKeyPem": { "type": "string", "description": "The certificate's private key, in PEM format, if the\ncertificate was generated from scratch and not with\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e. If\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e was used, this will be blank.\n", "secret": true }, "profile": { "type": "string", "description": "The ACME profile to use when requesting the\ncertificate. This can be used to control generation parameters according to\nthe specific CA. The default is blank (no profile); forces a new resource\nwhen changed.\n\n\u003e Let's Encrypt publishes details on their profiles at\n\u003chttps://letsencrypt.org/docs/profiles/\u003e.\n" }, "propagationWait": { "type": "integer", "description": "Disable DNS propagation checks and wait the\nspecified number of seconds before validation proceeds. Defaults to 0 (no\nwait).\n\n\u003e The wait is applied _per-domain_. When \u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e is set, propagation\nchecks are skipped and \u003cspan pulumi-lang-nodejs=\"`recursiveNameservers`\" pulumi-lang-dotnet=\"`RecursiveNameservers`\" pulumi-lang-go=\"`recursiveNameservers`\" pulumi-lang-python=\"`recursive_nameservers`\" pulumi-lang-yaml=\"`recursiveNameservers`\" pulumi-lang-java=\"`recursiveNameservers`\"\u003e`recursiveNameservers`\u003c/span\u003e / \u003cspan pulumi-lang-nodejs=\"`disableCompletePropagation`\" pulumi-lang-dotnet=\"`DisableCompletePropagation`\" pulumi-lang-go=\"`disableCompletePropagation`\" pulumi-lang-python=\"`disable_complete_propagation`\" pulumi-lang-yaml=\"`disableCompletePropagation`\" pulumi-lang-java=\"`disableCompletePropagation`\"\u003e`disableCompletePropagation`\u003c/span\u003e\nhave no effect. \u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e conflicts with \u003cspan pulumi-lang-nodejs=\"`preCheckDelay`\" pulumi-lang-dotnet=\"`PreCheckDelay`\" pulumi-lang-go=\"`preCheckDelay`\" pulumi-lang-python=\"`pre_check_delay`\" pulumi-lang-yaml=\"`preCheckDelay`\" pulumi-lang-java=\"`preCheckDelay`\"\u003e`preCheckDelay`\u003c/span\u003e.\n" }, "recursiveNameservers": { "type": "array", "items": { "type": "string" }, "description": "The recursive nameservers that will be\nused to check for propagation of DNS challenge records, in addition to some\nin-provider checks such as zone detection. Defaults to your system-configured\nDNS resolvers.\n" }, "renewalInfoExplanationUrl": { "type": "string", "description": "A URL that can be optionally supplied by an\nARI endpoint explaining the renewal window policy (see\n\u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e).\n" }, "renewalInfoIgnoreRetryAfter": { "type": "boolean", "description": "Ignores the retry interval\nsupplied by the ARI endpoint for re-fetching renewal window data. Should only\nbe used for testing. Default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n" }, "renewalInfoMaxSleep": { "type": "integer", "description": "The maximum amount of time, in seconds,\nthat the resource is willing to sleep during apply to reach a selected\nrenewal window time when \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e is set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e. Default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n\n\u003e It's recommended to only use small values here (a few minutes maximum).\nUsing extremely high values increases the risk of resource timeouts. To prevent\nhard resource timeouts, the maximum value allowed here is 900 seconds, or 15\nminutes.\n" }, "renewalInfoRetryAfter": { "type": "string", "description": "A timestamp describing when ARI details will be\nrefreshed if already fetched (see \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e).\n" }, "renewalInfoWindowEnd": { "type": "string", "description": "The end of the discovered ARI renewal window (see\n\u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e).\n" }, "renewalInfoWindowSelected": { "type": "string", "description": "The selected time within the ARI renewal\nwindow that a certificate will be renewed, if\n\u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e is enabled.\n" }, "renewalInfoWindowStart": { "type": "string", "description": "The start of the discovered ARI renewal window\n(see \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e).\n" }, "revokeCertificateOnDestroy": { "type": "boolean", "description": "Enables revocation of a certificate upon destroy,\nwhich includes when a resource is re-created. Default is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n" }, "revokeCertificateReason": { "type": "string", "description": "Some CA's require a reason for revocation to be provided.\nUse this reason (from [RFC 5280, section 5.3.1](https://www.rfc-editor.org/rfc/rfc5280#section-5.3.1).\nBy default, no reason provided in revocation requests. The reason is a string, when provided should be one of:\n* unspecified\n* key-compromise\n* ca-compromise\n* affiliation-changed\n* superseded\n* cessation-of-operation\n* certificate-hold\n* remove-from-crl\n* privilege-withdrawn\n* aa-compromise\n" }, "subjectAlternativeNames": { "type": "array", "items": { "type": "string" }, "description": "The certificate's subject alternative names;\ndomains that this certificate will also be recognized for. Forces a new\nresource when changed.\n" }, "tlsChallenge": { "$ref": "#/types/acme:index/CertificateTlsChallenge:CertificateTlsChallenge", "description": "Defines a TLS challenge to use in fulfilling the\nrequest.\n\n\u003e Only one of \u003cspan pulumi-lang-nodejs=\"`httpChallenge`\" pulumi-lang-dotnet=\"`HttpChallenge`\" pulumi-lang-go=\"`httpChallenge`\" pulumi-lang-python=\"`http_challenge`\" pulumi-lang-yaml=\"`httpChallenge`\" pulumi-lang-java=\"`httpChallenge`\"\u003e`httpChallenge`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`httpWebrootChallenge`\" pulumi-lang-dotnet=\"`HttpWebrootChallenge`\" pulumi-lang-go=\"`httpWebrootChallenge`\" pulumi-lang-python=\"`http_webroot_challenge`\" pulumi-lang-yaml=\"`httpWebrootChallenge`\" pulumi-lang-java=\"`httpWebrootChallenge`\"\u003e`httpWebrootChallenge`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`httpS3Challenge`\" pulumi-lang-dotnet=\"`HttpS3Challenge`\" pulumi-lang-go=\"`httpS3Challenge`\" pulumi-lang-python=\"`http_s3_challenge`\" pulumi-lang-yaml=\"`httpS3Challenge`\" pulumi-lang-java=\"`httpS3Challenge`\"\u003e`httpS3Challenge`\u003c/span\u003e\nand \u003cspan pulumi-lang-nodejs=\"`httpMemcachedChallenge`\" pulumi-lang-dotnet=\"`HttpMemcachedChallenge`\" pulumi-lang-go=\"`httpMemcachedChallenge`\" pulumi-lang-python=\"`http_memcached_challenge`\" pulumi-lang-yaml=\"`httpMemcachedChallenge`\" pulumi-lang-java=\"`httpMemcachedChallenge`\"\u003e`httpMemcachedChallenge`\u003c/span\u003e can be defined at once. See the section on\nUsing HTTP and TLS challenges for more\ndetails on using these and \u003cspan pulumi-lang-nodejs=\"`tlsChallenge`\" pulumi-lang-dotnet=\"`TlsChallenge`\" pulumi-lang-go=\"`tlsChallenge`\" pulumi-lang-python=\"`tls_challenge`\" pulumi-lang-yaml=\"`tlsChallenge`\" pulumi-lang-java=\"`tlsChallenge`\"\u003e`tlsChallenge`\u003c/span\u003e.\n" }, "useRenewalInfo": { "type": "boolean", "description": "When enabled, use information available from\nthe CA's ACME Renewal Information (ARI) endpoint for renewing certificates.\nDefault: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n\n\u003e More detail on ARI can be found in [RFC\n9773](https://datatracker.ietf.org/doc/rfc9773/).\n\n\u003e Note that \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e does not disable \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e! If the\nselected time within an ARI renewal window value cannot be reached at plan time\n(based on the current time plus the value of\n\u003cspan pulumi-lang-nodejs=\"`renewalInfoMaxSleep`\" pulumi-lang-dotnet=\"`RenewalInfoMaxSleep`\" pulumi-lang-go=\"`renewalInfoMaxSleep`\" pulumi-lang-python=\"`renewal_info_max_sleep`\" pulumi-lang-yaml=\"`renewalInfoMaxSleep`\" pulumi-lang-java=\"`renewalInfoMaxSleep`\"\u003e`renewalInfoMaxSleep`\u003c/span\u003e), or if the CA has no ARI\nendpoint, renewal behavior will fall back to comparing the certificate expiry\ntime with the value in \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e. This means for short-lived\ncertificates, you may wish to turn this value down so that the settings do not\nconflict, or consider using \u003cspan pulumi-lang-nodejs=\"`minDaysDynamic`\" pulumi-lang-dotnet=\"`MinDaysDynamic`\" pulumi-lang-go=\"`minDaysDynamic`\" pulumi-lang-python=\"`min_days_dynamic`\" pulumi-lang-yaml=\"`minDaysDynamic`\" pulumi-lang-java=\"`minDaysDynamic`\"\u003e`minDaysDynamic`\u003c/span\u003e instead.\n" }, "validityDays": { "type": "integer", "description": "The desired validity duration for the\ncertificate, in days (e.g., \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e for 7 days, \u003cspan pulumi-lang-nodejs=\"`90`\" pulumi-lang-dotnet=\"`90`\" pulumi-lang-go=\"`90`\" pulumi-lang-python=\"`90`\" pulumi-lang-yaml=\"`90`\" pulumi-lang-java=\"`90`\"\u003e`90`\u003c/span\u003e for 90 days). Changing this\nvalue triggers a certificate renewal.\n\n\u003e Note that not all ACME CAs support user-set certificate durations; most\nfamously, [Let's Encrypt does\nnot](https://github.com/letsencrypt/boulder/blob/main/docs/acme-divergences.md#section-74).\nCheck with your CA to ensure this feature is supported before using it.\n" } }, "required": [ "accountKeyPem", "certificateDomain", "certificateNotAfter", "certificateNotBefore", "certificateP12", "certificatePem", "certificateSerial", "certificateUrl", "issuerPem", "privateKeyPem", "renewalInfoExplanationUrl", "renewalInfoRetryAfter", "renewalInfoWindowEnd", "renewalInfoWindowSelected", "renewalInfoWindowStart" ], "inputProperties": { "accountKeyPem": { "type": "string", "description": "The private key of the account that is\nrequesting the certificate. Forces a new resource when changed.\n", "secret": true, "willReplaceOnChanges": true }, "certTimeout": { "type": "integer", "description": "Controls the timeout in seconds for certificate requests\nthat are made after challenges are complete. Defaults to 30 seconds.\n\n\u003e As mentioned, \u003cspan pulumi-lang-nodejs=\"`certTimeout`\" pulumi-lang-dotnet=\"`CertTimeout`\" pulumi-lang-go=\"`certTimeout`\" pulumi-lang-python=\"`cert_timeout`\" pulumi-lang-yaml=\"`certTimeout`\" pulumi-lang-java=\"`certTimeout`\"\u003e`certTimeout`\u003c/span\u003e does nothing until all challenges are complete.\nIf you are looking to control timeouts related to a particular challenge (such\nas a DNS challenge), see that challenge provider's specific options.\n" }, "certificateP12Password": { "type": "string", "description": "Password to be used when generating\nthe PFX file stored in \u003cspan pulumi-lang-nodejs=\"`certificateP12`\" pulumi-lang-dotnet=\"`CertificateP12`\" pulumi-lang-go=\"`certificateP12`\" pulumi-lang-python=\"`certificate_p12`\" pulumi-lang-yaml=\"`certificateP12`\" pulumi-lang-java=\"`certificateP12`\"\u003e`certificateP12`\u003c/span\u003e. Defaults to an\nempty string.\n", "secret": true }, "certificateRequestPem": { "type": "string", "description": "A pre-created certificate request, such as one\nfrom [\u003cspan pulumi-lang-nodejs=\"`tlsCertRequest`\" pulumi-lang-dotnet=\"`TlsCertRequest`\" pulumi-lang-go=\"`tlsCertRequest`\" pulumi-lang-python=\"`tls_cert_request`\" pulumi-lang-yaml=\"`tlsCertRequest`\" pulumi-lang-java=\"`tlsCertRequest`\"\u003e`tlsCertRequest`\u003c/span\u003e][tls-cert-request], or one from an external source,\nin PEM format. Forces a new resource when changed.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e, or\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e must be specified. \u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e\nconflicts with \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e; You cannot have\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e defined at the same time as \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e or\n\u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e, and vice versa. Finally, \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e can be\nblank while \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e is defined, and vice versa; in this\ncase with the \u003cspan pulumi-lang-nodejs=\"`classic`\" pulumi-lang-dotnet=\"`Classic`\" pulumi-lang-go=\"`classic`\" pulumi-lang-python=\"`classic`\" pulumi-lang-yaml=\"`classic`\" pulumi-lang-java=\"`classic`\"\u003e`classic`\u003c/span\u003e Let's Encrypt profile, the first domain defined in\n\u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e becomes the common name.\n", "willReplaceOnChanges": true }, "commonName": { "type": "string", "description": "The certificate's common name, the primary domain that the\ncertificate will be recognized for. Forces a new resource when changed.\n", "willReplaceOnChanges": true }, "deactivateAuthorizations": { "type": "boolean", "description": "Controls if authorizations are explicitly\ndeactivated after a certificate has been obtained, preventing their re-use.\nDefault: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n" }, "disableCompletePropagation": { "type": "boolean", "description": "Disable the requirement for full\npropagation of the TXT challenge records before proceeding with validation.\nDefaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n\n\u003e See About DNS propagation checks for details\non the \u003cspan pulumi-lang-nodejs=\"`recursiveNameservers`\" pulumi-lang-dotnet=\"`RecursiveNameservers`\" pulumi-lang-go=\"`recursiveNameservers`\" pulumi-lang-python=\"`recursive_nameservers`\" pulumi-lang-yaml=\"`recursiveNameservers`\" pulumi-lang-java=\"`recursiveNameservers`\"\u003e`recursiveNameservers`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`disableCompletePropagation`\" pulumi-lang-dotnet=\"`DisableCompletePropagation`\" pulumi-lang-go=\"`disableCompletePropagation`\" pulumi-lang-python=\"`disable_complete_propagation`\" pulumi-lang-yaml=\"`disableCompletePropagation`\" pulumi-lang-java=\"`disableCompletePropagation`\"\u003e`disableCompletePropagation`\u003c/span\u003e, and\n\u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e settings.\n" }, "dnsChallenges": { "type": "array", "items": { "$ref": "#/types/acme:index/CertificateDnsChallenge:CertificateDnsChallenge" }, "description": "The DNS challenges to\nuse in fulfilling the request.\n" }, "httpChallenge": { "$ref": "#/types/acme:index/CertificateHttpChallenge:CertificateHttpChallenge", "description": "Defines an HTTP challenge to use in fulfilling\nthe request.\n" }, "httpMemcachedChallenge": { "$ref": "#/types/acme:index/CertificateHttpMemcachedChallenge:CertificateHttpMemcachedChallenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to serve up challenges to a\n[Memcached](https://memcached.org/) cluster.\n" }, "httpS3Challenge": { "$ref": "#/types/acme:index/CertificateHttpS3Challenge:CertificateHttpS3Challenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to serve up challenges to a\n[S3](https://aws.amazon.com/s3/) bucket.\n" }, "httpWebrootChallenge": { "$ref": "#/types/acme:index/CertificateHttpWebrootChallenge:CertificateHttpWebrootChallenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to place a file at a location that can be served by\nan out-of-band webserver.\n" }, "keyType": { "type": "string", "description": "The key type for the certificate's private key. Can be one of:\n`P256` and `P384` (for ECDSA keys of respective length) or \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`4096`\" pulumi-lang-dotnet=\"`4096`\" pulumi-lang-go=\"`4096`\" pulumi-lang-python=\"`4096`\" pulumi-lang-yaml=\"`4096`\" pulumi-lang-java=\"`4096`\"\u003e`4096`\u003c/span\u003e, and\n\u003cspan pulumi-lang-nodejs=\"`8192`\" pulumi-lang-dotnet=\"`8192`\" pulumi-lang-go=\"`8192`\" pulumi-lang-python=\"`8192`\" pulumi-lang-yaml=\"`8192`\" pulumi-lang-java=\"`8192`\"\u003e`8192`\u003c/span\u003e (for RSA keys of respective length). Required when not specifying a\nCSR. The default is \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e (RSA key of 2048 bits). Forces a new resource when\nchanged.\n", "willReplaceOnChanges": true }, "minDaysDynamic": { "type": "boolean", "description": "Derive the renewal threshold from the\ncertificate lifetime instead of a static value. When set, the threshold is\nset to 1/3 of the certificate's lifetime, or 1/2 if the lifetime is 10 days\nor less. Default: `false.`\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`minDaysDynamic`\" pulumi-lang-dotnet=\"`MinDaysDynamic`\" pulumi-lang-go=\"`minDaysDynamic`\" pulumi-lang-python=\"`min_days_dynamic`\" pulumi-lang-yaml=\"`minDaysDynamic`\" pulumi-lang-java=\"`minDaysDynamic`\"\u003e`minDaysDynamic`\u003c/span\u003e conflicts with \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e - only one may be set\nat once.\n" }, "minDaysRemaining": { "type": "integer", "description": "The minimum amount of days remaining on the\nexpiration of a certificate before a renewal is attempted. The default is\n\u003cspan pulumi-lang-nodejs=\"`30`\" pulumi-lang-dotnet=\"`30`\" pulumi-lang-go=\"`30`\" pulumi-lang-python=\"`30`\" pulumi-lang-yaml=\"`30`\" pulumi-lang-java=\"`30`\"\u003e`30`\u003c/span\u003e. A value of less than \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e means that the certificate will never be\nrenewed.\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e must be lower than \u003cspan pulumi-lang-nodejs=\"`validityDays`\" pulumi-lang-dotnet=\"`ValidityDays`\" pulumi-lang-go=\"`validityDays`\" pulumi-lang-python=\"`validity_days`\" pulumi-lang-yaml=\"`validityDays`\" pulumi-lang-java=\"`validityDays`\"\u003e`validityDays`\u003c/span\u003e (if defined).\n" }, "mustStaple": { "type": "boolean", "description": "Enables the [OCSP Stapling Required][ocsp-stapling]\nTLS Security Policy extension. Certificates with this extension must include a\nvalid OCSP Staple in the TLS handshake for the connection to succeed.\nDefaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Note that this option has no effect when using an\nexternal CSR - it must be enabled in the CSR itself. Forces a new resource\nwhen changed.\n\n[ocsp-stapling]: https://letsencrypt.org/docs/integration-guide/#implement-ocsp-stapling\n\n\u003e OCSP stapling requires specific webserver configuration to support the\ndownloading of the staple from the CA's OCSP endpoints, and should be configured\nto tolerate prolonged outages of the OCSP service. Consider this when using\n\u003cspan pulumi-lang-nodejs=\"`mustStaple`\" pulumi-lang-dotnet=\"`MustStaple`\" pulumi-lang-go=\"`mustStaple`\" pulumi-lang-python=\"`must_staple`\" pulumi-lang-yaml=\"`mustStaple`\" pulumi-lang-java=\"`mustStaple`\"\u003e`mustStaple`\u003c/span\u003e, and only enable it if you are sure your webserver or service\nprovider can be configured correctly.\n", "willReplaceOnChanges": true }, "preCheckDelay": { "type": "integer", "description": "Insert a delay after _every_ DNS challenge\nrecord to allow for extra time for DNS propagation before the certificate is\nrequested. Use this option if you observe issues with requesting certificates\neven when DNS challenge records get added successfully. Units are in seconds.\nDefaults to 0 (no delay).\n\n\u003e Be careful with \u003cspan pulumi-lang-nodejs=\"`preCheckDelay`\" pulumi-lang-dotnet=\"`PreCheckDelay`\" pulumi-lang-go=\"`preCheckDelay`\" pulumi-lang-python=\"`pre_check_delay`\" pulumi-lang-yaml=\"`preCheckDelay`\" pulumi-lang-java=\"`preCheckDelay`\"\u003e`preCheckDelay`\u003c/span\u003e since the delay is executed _per-domain_.\nTake your expected delay and divide it by the number of domains you have\nconfigured (\u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e + \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e).\n" }, "preferredChain": { "type": "string", "description": "The common name of the root of a preferred\nalternate certificate chain offered by the CA. The certificates in\n\u003cspan pulumi-lang-nodejs=\"`issuerPem`\" pulumi-lang-dotnet=\"`IssuerPem`\" pulumi-lang-go=\"`issuerPem`\" pulumi-lang-python=\"`issuer_pem`\" pulumi-lang-yaml=\"`issuerPem`\" pulumi-lang-java=\"`issuerPem`\"\u003e`issuerPem`\u003c/span\u003e will reflect the chain requested, if available, otherwise the\ndefault chain will be provided. Forces a new resource when changed.\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`preferredChain`\" pulumi-lang-dotnet=\"`PreferredChain`\" pulumi-lang-go=\"`preferredChain`\" pulumi-lang-python=\"`preferred_chain`\" pulumi-lang-yaml=\"`preferredChain`\" pulumi-lang-java=\"`preferredChain`\"\u003e`preferredChain`\u003c/span\u003e can be used to request alternate chains on Let's Encrypt\nduring the transition away from their old cross-signed intermediates. See [this\narticle for more\ndetails](https://letsencrypt.org/2020/12/21/extending-android-compatibility.html).\nIn their example titled **\"What about the alternate chain?\"**, the root you\nwould put in to the \u003cspan pulumi-lang-nodejs=\"`preferredChain`\" pulumi-lang-dotnet=\"`PreferredChain`\" pulumi-lang-go=\"`preferredChain`\" pulumi-lang-python=\"`preferred_chain`\" pulumi-lang-yaml=\"`preferredChain`\" pulumi-lang-java=\"`preferredChain`\"\u003e`preferredChain`\u003c/span\u003e field would be `ISRG Root X1`. The\nequivalent in the [staging\nenvironment](https://letsencrypt.org/docs/staging-environment/) is `(STAGING)\nPretend Pear X1`.\n", "willReplaceOnChanges": true }, "profile": { "type": "string", "description": "The ACME profile to use when requesting the\ncertificate. This can be used to control generation parameters according to\nthe specific CA. The default is blank (no profile); forces a new resource\nwhen changed.\n\n\u003e Let's Encrypt publishes details on their profiles at\n\u003chttps://letsencrypt.org/docs/profiles/\u003e.\n", "willReplaceOnChanges": true }, "propagationWait": { "type": "integer", "description": "Disable DNS propagation checks and wait the\nspecified number of seconds before validation proceeds. Defaults to 0 (no\nwait).\n\n\u003e The wait is applied _per-domain_. When \u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e is set, propagation\nchecks are skipped and \u003cspan pulumi-lang-nodejs=\"`recursiveNameservers`\" pulumi-lang-dotnet=\"`RecursiveNameservers`\" pulumi-lang-go=\"`recursiveNameservers`\" pulumi-lang-python=\"`recursive_nameservers`\" pulumi-lang-yaml=\"`recursiveNameservers`\" pulumi-lang-java=\"`recursiveNameservers`\"\u003e`recursiveNameservers`\u003c/span\u003e / \u003cspan pulumi-lang-nodejs=\"`disableCompletePropagation`\" pulumi-lang-dotnet=\"`DisableCompletePropagation`\" pulumi-lang-go=\"`disableCompletePropagation`\" pulumi-lang-python=\"`disable_complete_propagation`\" pulumi-lang-yaml=\"`disableCompletePropagation`\" pulumi-lang-java=\"`disableCompletePropagation`\"\u003e`disableCompletePropagation`\u003c/span\u003e\nhave no effect. \u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e conflicts with \u003cspan pulumi-lang-nodejs=\"`preCheckDelay`\" pulumi-lang-dotnet=\"`PreCheckDelay`\" pulumi-lang-go=\"`preCheckDelay`\" pulumi-lang-python=\"`pre_check_delay`\" pulumi-lang-yaml=\"`preCheckDelay`\" pulumi-lang-java=\"`preCheckDelay`\"\u003e`preCheckDelay`\u003c/span\u003e.\n" }, "recursiveNameservers": { "type": "array", "items": { "type": "string" }, "description": "The recursive nameservers that will be\nused to check for propagation of DNS challenge records, in addition to some\nin-provider checks such as zone detection. Defaults to your system-configured\nDNS resolvers.\n" }, "renewalInfoIgnoreRetryAfter": { "type": "boolean", "description": "Ignores the retry interval\nsupplied by the ARI endpoint for re-fetching renewal window data. Should only\nbe used for testing. Default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n" }, "renewalInfoMaxSleep": { "type": "integer", "description": "The maximum amount of time, in seconds,\nthat the resource is willing to sleep during apply to reach a selected\nrenewal window time when \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e is set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e. Default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n\n\u003e It's recommended to only use small values here (a few minutes maximum).\nUsing extremely high values increases the risk of resource timeouts. To prevent\nhard resource timeouts, the maximum value allowed here is 900 seconds, or 15\nminutes.\n" }, "revokeCertificateOnDestroy": { "type": "boolean", "description": "Enables revocation of a certificate upon destroy,\nwhich includes when a resource is re-created. Default is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n" }, "revokeCertificateReason": { "type": "string", "description": "Some CA's require a reason for revocation to be provided.\nUse this reason (from [RFC 5280, section 5.3.1](https://www.rfc-editor.org/rfc/rfc5280#section-5.3.1).\nBy default, no reason provided in revocation requests. The reason is a string, when provided should be one of:\n* unspecified\n* key-compromise\n* ca-compromise\n* affiliation-changed\n* superseded\n* cessation-of-operation\n* certificate-hold\n* remove-from-crl\n* privilege-withdrawn\n* aa-compromise\n" }, "subjectAlternativeNames": { "type": "array", "items": { "type": "string" }, "description": "The certificate's subject alternative names;\ndomains that this certificate will also be recognized for. Forces a new\nresource when changed.\n", "willReplaceOnChanges": true }, "tlsChallenge": { "$ref": "#/types/acme:index/CertificateTlsChallenge:CertificateTlsChallenge", "description": "Defines a TLS challenge to use in fulfilling the\nrequest.\n\n\u003e Only one of \u003cspan pulumi-lang-nodejs=\"`httpChallenge`\" pulumi-lang-dotnet=\"`HttpChallenge`\" pulumi-lang-go=\"`httpChallenge`\" pulumi-lang-python=\"`http_challenge`\" pulumi-lang-yaml=\"`httpChallenge`\" pulumi-lang-java=\"`httpChallenge`\"\u003e`httpChallenge`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`httpWebrootChallenge`\" pulumi-lang-dotnet=\"`HttpWebrootChallenge`\" pulumi-lang-go=\"`httpWebrootChallenge`\" pulumi-lang-python=\"`http_webroot_challenge`\" pulumi-lang-yaml=\"`httpWebrootChallenge`\" pulumi-lang-java=\"`httpWebrootChallenge`\"\u003e`httpWebrootChallenge`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`httpS3Challenge`\" pulumi-lang-dotnet=\"`HttpS3Challenge`\" pulumi-lang-go=\"`httpS3Challenge`\" pulumi-lang-python=\"`http_s3_challenge`\" pulumi-lang-yaml=\"`httpS3Challenge`\" pulumi-lang-java=\"`httpS3Challenge`\"\u003e`httpS3Challenge`\u003c/span\u003e\nand \u003cspan pulumi-lang-nodejs=\"`httpMemcachedChallenge`\" pulumi-lang-dotnet=\"`HttpMemcachedChallenge`\" pulumi-lang-go=\"`httpMemcachedChallenge`\" pulumi-lang-python=\"`http_memcached_challenge`\" pulumi-lang-yaml=\"`httpMemcachedChallenge`\" pulumi-lang-java=\"`httpMemcachedChallenge`\"\u003e`httpMemcachedChallenge`\u003c/span\u003e can be defined at once. See the section on\nUsing HTTP and TLS challenges for more\ndetails on using these and \u003cspan pulumi-lang-nodejs=\"`tlsChallenge`\" pulumi-lang-dotnet=\"`TlsChallenge`\" pulumi-lang-go=\"`tlsChallenge`\" pulumi-lang-python=\"`tls_challenge`\" pulumi-lang-yaml=\"`tlsChallenge`\" pulumi-lang-java=\"`tlsChallenge`\"\u003e`tlsChallenge`\u003c/span\u003e.\n" }, "useRenewalInfo": { "type": "boolean", "description": "When enabled, use information available from\nthe CA's ACME Renewal Information (ARI) endpoint for renewing certificates.\nDefault: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n\n\u003e More detail on ARI can be found in [RFC\n9773](https://datatracker.ietf.org/doc/rfc9773/).\n\n\u003e Note that \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e does not disable \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e! If the\nselected time within an ARI renewal window value cannot be reached at plan time\n(based on the current time plus the value of\n\u003cspan pulumi-lang-nodejs=\"`renewalInfoMaxSleep`\" pulumi-lang-dotnet=\"`RenewalInfoMaxSleep`\" pulumi-lang-go=\"`renewalInfoMaxSleep`\" pulumi-lang-python=\"`renewal_info_max_sleep`\" pulumi-lang-yaml=\"`renewalInfoMaxSleep`\" pulumi-lang-java=\"`renewalInfoMaxSleep`\"\u003e`renewalInfoMaxSleep`\u003c/span\u003e), or if the CA has no ARI\nendpoint, renewal behavior will fall back to comparing the certificate expiry\ntime with the value in \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e. This means for short-lived\ncertificates, you may wish to turn this value down so that the settings do not\nconflict, or consider using \u003cspan pulumi-lang-nodejs=\"`minDaysDynamic`\" pulumi-lang-dotnet=\"`MinDaysDynamic`\" pulumi-lang-go=\"`minDaysDynamic`\" pulumi-lang-python=\"`min_days_dynamic`\" pulumi-lang-yaml=\"`minDaysDynamic`\" pulumi-lang-java=\"`minDaysDynamic`\"\u003e`minDaysDynamic`\u003c/span\u003e instead.\n" }, "validityDays": { "type": "integer", "description": "The desired validity duration for the\ncertificate, in days (e.g., \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e for 7 days, \u003cspan pulumi-lang-nodejs=\"`90`\" pulumi-lang-dotnet=\"`90`\" pulumi-lang-go=\"`90`\" pulumi-lang-python=\"`90`\" pulumi-lang-yaml=\"`90`\" pulumi-lang-java=\"`90`\"\u003e`90`\u003c/span\u003e for 90 days). Changing this\nvalue triggers a certificate renewal.\n\n\u003e Note that not all ACME CAs support user-set certificate durations; most\nfamously, [Let's Encrypt does\nnot](https://github.com/letsencrypt/boulder/blob/main/docs/acme-divergences.md#section-74).\nCheck with your CA to ensure this feature is supported before using it.\n" } }, "requiredInputs": [ "accountKeyPem" ], "stateInputs": { "description": "Input properties used for looking up and filtering Certificate resources.\n", "properties": { "accountKeyPem": { "type": "string", "description": "The private key of the account that is\nrequesting the certificate. Forces a new resource when changed.\n", "secret": true, "willReplaceOnChanges": true }, "certTimeout": { "type": "integer", "description": "Controls the timeout in seconds for certificate requests\nthat are made after challenges are complete. Defaults to 30 seconds.\n\n\u003e As mentioned, \u003cspan pulumi-lang-nodejs=\"`certTimeout`\" pulumi-lang-dotnet=\"`CertTimeout`\" pulumi-lang-go=\"`certTimeout`\" pulumi-lang-python=\"`cert_timeout`\" pulumi-lang-yaml=\"`certTimeout`\" pulumi-lang-java=\"`certTimeout`\"\u003e`certTimeout`\u003c/span\u003e does nothing until all challenges are complete.\nIf you are looking to control timeouts related to a particular challenge (such\nas a DNS challenge), see that challenge provider's specific options.\n" }, "certificateDomain": { "type": "string", "description": "The common name of the certificate.\n" }, "certificateNotAfter": { "type": "string", "description": "The expiry date of the certificate, laid out in\nRFC3339 format (`2006-01-02T15:04:05Z07:00`).\n" }, "certificateNotBefore": { "type": "string" }, "certificateP12": { "type": "string", "description": "The certificate, any intermediates, and the private key\narchived as a PFX file (PKCS12 format, generally used by Microsoft products).\nThe data is base64 encoded (including padding), and its password is\nconfigurable via the \u003cspan pulumi-lang-nodejs=\"`certificateP12Password`\" pulumi-lang-dotnet=\"`CertificateP12Password`\" pulumi-lang-go=\"`certificateP12Password`\" pulumi-lang-python=\"`certificate_p12_password`\" pulumi-lang-yaml=\"`certificateP12Password`\" pulumi-lang-java=\"`certificateP12Password`\"\u003e`certificateP12Password`\u003c/span\u003e\nargument. This field is empty if creating a certificate from a CSR.\n", "secret": true }, "certificateP12Password": { "type": "string", "description": "Password to be used when generating\nthe PFX file stored in \u003cspan pulumi-lang-nodejs=\"`certificateP12`\" pulumi-lang-dotnet=\"`CertificateP12`\" pulumi-lang-go=\"`certificateP12`\" pulumi-lang-python=\"`certificate_p12`\" pulumi-lang-yaml=\"`certificateP12`\" pulumi-lang-java=\"`certificateP12`\"\u003e`certificateP12`\u003c/span\u003e. Defaults to an\nempty string.\n", "secret": true }, "certificatePem": { "type": "string", "description": "The certificate in PEM format. This does not include the\n\u003cspan pulumi-lang-nodejs=\"`issuerPem`\" pulumi-lang-dotnet=\"`IssuerPem`\" pulumi-lang-go=\"`issuerPem`\" pulumi-lang-python=\"`issuer_pem`\" pulumi-lang-yaml=\"`issuerPem`\" pulumi-lang-java=\"`issuerPem`\"\u003e`issuerPem`\u003c/span\u003e. This certificate can be concatenated with \u003cspan pulumi-lang-nodejs=\"`issuerPem`\" pulumi-lang-dotnet=\"`IssuerPem`\" pulumi-lang-go=\"`issuerPem`\" pulumi-lang-python=\"`issuer_pem`\" pulumi-lang-yaml=\"`issuerPem`\" pulumi-lang-java=\"`issuerPem`\"\u003e`issuerPem`\u003c/span\u003e to form\na full chain, e.g. `\"${acme_certificate.certificate.certificate_pem}${acme_certificate.certificate.issuer_pem}\"`\n" }, "certificateRequestPem": { "type": "string", "description": "A pre-created certificate request, such as one\nfrom [\u003cspan pulumi-lang-nodejs=\"`tlsCertRequest`\" pulumi-lang-dotnet=\"`TlsCertRequest`\" pulumi-lang-go=\"`tlsCertRequest`\" pulumi-lang-python=\"`tls_cert_request`\" pulumi-lang-yaml=\"`tlsCertRequest`\" pulumi-lang-java=\"`tlsCertRequest`\"\u003e`tlsCertRequest`\u003c/span\u003e][tls-cert-request], or one from an external source,\nin PEM format. Forces a new resource when changed.\n\n\u003e One of \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e, or\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e must be specified. \u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e\nconflicts with \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e; You cannot have\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e defined at the same time as \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e or\n\u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e, and vice versa. Finally, \u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e can be\nblank while \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e is defined, and vice versa; in this\ncase with the \u003cspan pulumi-lang-nodejs=\"`classic`\" pulumi-lang-dotnet=\"`Classic`\" pulumi-lang-go=\"`classic`\" pulumi-lang-python=\"`classic`\" pulumi-lang-yaml=\"`classic`\" pulumi-lang-java=\"`classic`\"\u003e`classic`\u003c/span\u003e Let's Encrypt profile, the first domain defined in\n\u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e becomes the common name.\n", "willReplaceOnChanges": true }, "certificateSerial": { "type": "string", "description": "The serial number, in string format, as reported by\nthe CA.\n" }, "certificateUrl": { "type": "string", "description": "The full URL of the certificate within the ACME CA.\n" }, "commonName": { "type": "string", "description": "The certificate's common name, the primary domain that the\ncertificate will be recognized for. Forces a new resource when changed.\n", "willReplaceOnChanges": true }, "deactivateAuthorizations": { "type": "boolean", "description": "Controls if authorizations are explicitly\ndeactivated after a certificate has been obtained, preventing their re-use.\nDefault: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n" }, "disableCompletePropagation": { "type": "boolean", "description": "Disable the requirement for full\npropagation of the TXT challenge records before proceeding with validation.\nDefaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n\n\u003e See About DNS propagation checks for details\non the \u003cspan pulumi-lang-nodejs=\"`recursiveNameservers`\" pulumi-lang-dotnet=\"`RecursiveNameservers`\" pulumi-lang-go=\"`recursiveNameservers`\" pulumi-lang-python=\"`recursive_nameservers`\" pulumi-lang-yaml=\"`recursiveNameservers`\" pulumi-lang-java=\"`recursiveNameservers`\"\u003e`recursiveNameservers`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`disableCompletePropagation`\" pulumi-lang-dotnet=\"`DisableCompletePropagation`\" pulumi-lang-go=\"`disableCompletePropagation`\" pulumi-lang-python=\"`disable_complete_propagation`\" pulumi-lang-yaml=\"`disableCompletePropagation`\" pulumi-lang-java=\"`disableCompletePropagation`\"\u003e`disableCompletePropagation`\u003c/span\u003e, and\n\u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e settings.\n" }, "dnsChallenges": { "type": "array", "items": { "$ref": "#/types/acme:index/CertificateDnsChallenge:CertificateDnsChallenge" }, "description": "The DNS challenges to\nuse in fulfilling the request.\n" }, "httpChallenge": { "$ref": "#/types/acme:index/CertificateHttpChallenge:CertificateHttpChallenge", "description": "Defines an HTTP challenge to use in fulfilling\nthe request.\n" }, "httpMemcachedChallenge": { "$ref": "#/types/acme:index/CertificateHttpMemcachedChallenge:CertificateHttpMemcachedChallenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to serve up challenges to a\n[Memcached](https://memcached.org/) cluster.\n" }, "httpS3Challenge": { "$ref": "#/types/acme:index/CertificateHttpS3Challenge:CertificateHttpS3Challenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to serve up challenges to a\n[S3](https://aws.amazon.com/s3/) bucket.\n" }, "httpWebrootChallenge": { "$ref": "#/types/acme:index/CertificateHttpWebrootChallenge:CertificateHttpWebrootChallenge", "description": "Defines an alternate type of HTTP\nchallenge that can be used to place a file at a location that can be served by\nan out-of-band webserver.\n" }, "issuerPem": { "type": "string", "description": "The intermediate certificates of the issuer. Multiple\ncertificates are concatenated in this field when there is more than one\nintermediate certificate in the chain.\n" }, "keyType": { "type": "string", "description": "The key type for the certificate's private key. Can be one of:\n`P256` and `P384` (for ECDSA keys of respective length) or \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`4096`\" pulumi-lang-dotnet=\"`4096`\" pulumi-lang-go=\"`4096`\" pulumi-lang-python=\"`4096`\" pulumi-lang-yaml=\"`4096`\" pulumi-lang-java=\"`4096`\"\u003e`4096`\u003c/span\u003e, and\n\u003cspan pulumi-lang-nodejs=\"`8192`\" pulumi-lang-dotnet=\"`8192`\" pulumi-lang-go=\"`8192`\" pulumi-lang-python=\"`8192`\" pulumi-lang-yaml=\"`8192`\" pulumi-lang-java=\"`8192`\"\u003e`8192`\u003c/span\u003e (for RSA keys of respective length). Required when not specifying a\nCSR. The default is \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e (RSA key of 2048 bits). Forces a new resource when\nchanged.\n", "willReplaceOnChanges": true }, "minDaysDynamic": { "type": "boolean", "description": "Derive the renewal threshold from the\ncertificate lifetime instead of a static value. When set, the threshold is\nset to 1/3 of the certificate's lifetime, or 1/2 if the lifetime is 10 days\nor less. Default: `false.`\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`minDaysDynamic`\" pulumi-lang-dotnet=\"`MinDaysDynamic`\" pulumi-lang-go=\"`minDaysDynamic`\" pulumi-lang-python=\"`min_days_dynamic`\" pulumi-lang-yaml=\"`minDaysDynamic`\" pulumi-lang-java=\"`minDaysDynamic`\"\u003e`minDaysDynamic`\u003c/span\u003e conflicts with \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e - only one may be set\nat once.\n" }, "minDaysRemaining": { "type": "integer", "description": "The minimum amount of days remaining on the\nexpiration of a certificate before a renewal is attempted. The default is\n\u003cspan pulumi-lang-nodejs=\"`30`\" pulumi-lang-dotnet=\"`30`\" pulumi-lang-go=\"`30`\" pulumi-lang-python=\"`30`\" pulumi-lang-yaml=\"`30`\" pulumi-lang-java=\"`30`\"\u003e`30`\u003c/span\u003e. A value of less than \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e means that the certificate will never be\nrenewed.\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e must be lower than \u003cspan pulumi-lang-nodejs=\"`validityDays`\" pulumi-lang-dotnet=\"`ValidityDays`\" pulumi-lang-go=\"`validityDays`\" pulumi-lang-python=\"`validity_days`\" pulumi-lang-yaml=\"`validityDays`\" pulumi-lang-java=\"`validityDays`\"\u003e`validityDays`\u003c/span\u003e (if defined).\n" }, "mustStaple": { "type": "boolean", "description": "Enables the [OCSP Stapling Required][ocsp-stapling]\nTLS Security Policy extension. Certificates with this extension must include a\nvalid OCSP Staple in the TLS handshake for the connection to succeed.\nDefaults to \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e. Note that this option has no effect when using an\nexternal CSR - it must be enabled in the CSR itself. Forces a new resource\nwhen changed.\n\n[ocsp-stapling]: https://letsencrypt.org/docs/integration-guide/#implement-ocsp-stapling\n\n\u003e OCSP stapling requires specific webserver configuration to support the\ndownloading of the staple from the CA's OCSP endpoints, and should be configured\nto tolerate prolonged outages of the OCSP service. Consider this when using\n\u003cspan pulumi-lang-nodejs=\"`mustStaple`\" pulumi-lang-dotnet=\"`MustStaple`\" pulumi-lang-go=\"`mustStaple`\" pulumi-lang-python=\"`must_staple`\" pulumi-lang-yaml=\"`mustStaple`\" pulumi-lang-java=\"`mustStaple`\"\u003e`mustStaple`\u003c/span\u003e, and only enable it if you are sure your webserver or service\nprovider can be configured correctly.\n", "willReplaceOnChanges": true }, "preCheckDelay": { "type": "integer", "description": "Insert a delay after _every_ DNS challenge\nrecord to allow for extra time for DNS propagation before the certificate is\nrequested. Use this option if you observe issues with requesting certificates\neven when DNS challenge records get added successfully. Units are in seconds.\nDefaults to 0 (no delay).\n\n\u003e Be careful with \u003cspan pulumi-lang-nodejs=\"`preCheckDelay`\" pulumi-lang-dotnet=\"`PreCheckDelay`\" pulumi-lang-go=\"`preCheckDelay`\" pulumi-lang-python=\"`pre_check_delay`\" pulumi-lang-yaml=\"`preCheckDelay`\" pulumi-lang-java=\"`preCheckDelay`\"\u003e`preCheckDelay`\u003c/span\u003e since the delay is executed _per-domain_.\nTake your expected delay and divide it by the number of domains you have\nconfigured (\u003cspan pulumi-lang-nodejs=\"`commonName`\" pulumi-lang-dotnet=\"`CommonName`\" pulumi-lang-go=\"`commonName`\" pulumi-lang-python=\"`common_name`\" pulumi-lang-yaml=\"`commonName`\" pulumi-lang-java=\"`commonName`\"\u003e`commonName`\u003c/span\u003e + \u003cspan pulumi-lang-nodejs=\"`subjectAlternativeNames`\" pulumi-lang-dotnet=\"`SubjectAlternativeNames`\" pulumi-lang-go=\"`subjectAlternativeNames`\" pulumi-lang-python=\"`subject_alternative_names`\" pulumi-lang-yaml=\"`subjectAlternativeNames`\" pulumi-lang-java=\"`subjectAlternativeNames`\"\u003e`subjectAlternativeNames`\u003c/span\u003e).\n" }, "preferredChain": { "type": "string", "description": "The common name of the root of a preferred\nalternate certificate chain offered by the CA. The certificates in\n\u003cspan pulumi-lang-nodejs=\"`issuerPem`\" pulumi-lang-dotnet=\"`IssuerPem`\" pulumi-lang-go=\"`issuerPem`\" pulumi-lang-python=\"`issuer_pem`\" pulumi-lang-yaml=\"`issuerPem`\" pulumi-lang-java=\"`issuerPem`\"\u003e`issuerPem`\u003c/span\u003e will reflect the chain requested, if available, otherwise the\ndefault chain will be provided. Forces a new resource when changed.\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`preferredChain`\" pulumi-lang-dotnet=\"`PreferredChain`\" pulumi-lang-go=\"`preferredChain`\" pulumi-lang-python=\"`preferred_chain`\" pulumi-lang-yaml=\"`preferredChain`\" pulumi-lang-java=\"`preferredChain`\"\u003e`preferredChain`\u003c/span\u003e can be used to request alternate chains on Let's Encrypt\nduring the transition away from their old cross-signed intermediates. See [this\narticle for more\ndetails](https://letsencrypt.org/2020/12/21/extending-android-compatibility.html).\nIn their example titled **\"What about the alternate chain?\"**, the root you\nwould put in to the \u003cspan pulumi-lang-nodejs=\"`preferredChain`\" pulumi-lang-dotnet=\"`PreferredChain`\" pulumi-lang-go=\"`preferredChain`\" pulumi-lang-python=\"`preferred_chain`\" pulumi-lang-yaml=\"`preferredChain`\" pulumi-lang-java=\"`preferredChain`\"\u003e`preferredChain`\u003c/span\u003e field would be `ISRG Root X1`. The\nequivalent in the [staging\nenvironment](https://letsencrypt.org/docs/staging-environment/) is `(STAGING)\nPretend Pear X1`.\n", "willReplaceOnChanges": true }, "privateKeyPem": { "type": "string", "description": "The certificate's private key, in PEM format, if the\ncertificate was generated from scratch and not with\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e. If\n\u003cspan pulumi-lang-nodejs=\"`certificateRequestPem`\" pulumi-lang-dotnet=\"`CertificateRequestPem`\" pulumi-lang-go=\"`certificateRequestPem`\" pulumi-lang-python=\"`certificate_request_pem`\" pulumi-lang-yaml=\"`certificateRequestPem`\" pulumi-lang-java=\"`certificateRequestPem`\"\u003e`certificateRequestPem`\u003c/span\u003e was used, this will be blank.\n", "secret": true }, "profile": { "type": "string", "description": "The ACME profile to use when requesting the\ncertificate. This can be used to control generation parameters according to\nthe specific CA. The default is blank (no profile); forces a new resource\nwhen changed.\n\n\u003e Let's Encrypt publishes details on their profiles at\n\u003chttps://letsencrypt.org/docs/profiles/\u003e.\n", "willReplaceOnChanges": true }, "propagationWait": { "type": "integer", "description": "Disable DNS propagation checks and wait the\nspecified number of seconds before validation proceeds. Defaults to 0 (no\nwait).\n\n\u003e The wait is applied _per-domain_. When \u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e is set, propagation\nchecks are skipped and \u003cspan pulumi-lang-nodejs=\"`recursiveNameservers`\" pulumi-lang-dotnet=\"`RecursiveNameservers`\" pulumi-lang-go=\"`recursiveNameservers`\" pulumi-lang-python=\"`recursive_nameservers`\" pulumi-lang-yaml=\"`recursiveNameservers`\" pulumi-lang-java=\"`recursiveNameservers`\"\u003e`recursiveNameservers`\u003c/span\u003e / \u003cspan pulumi-lang-nodejs=\"`disableCompletePropagation`\" pulumi-lang-dotnet=\"`DisableCompletePropagation`\" pulumi-lang-go=\"`disableCompletePropagation`\" pulumi-lang-python=\"`disable_complete_propagation`\" pulumi-lang-yaml=\"`disableCompletePropagation`\" pulumi-lang-java=\"`disableCompletePropagation`\"\u003e`disableCompletePropagation`\u003c/span\u003e\nhave no effect. \u003cspan pulumi-lang-nodejs=\"`propagationWait`\" pulumi-lang-dotnet=\"`PropagationWait`\" pulumi-lang-go=\"`propagationWait`\" pulumi-lang-python=\"`propagation_wait`\" pulumi-lang-yaml=\"`propagationWait`\" pulumi-lang-java=\"`propagationWait`\"\u003e`propagationWait`\u003c/span\u003e conflicts with \u003cspan pulumi-lang-nodejs=\"`preCheckDelay`\" pulumi-lang-dotnet=\"`PreCheckDelay`\" pulumi-lang-go=\"`preCheckDelay`\" pulumi-lang-python=\"`pre_check_delay`\" pulumi-lang-yaml=\"`preCheckDelay`\" pulumi-lang-java=\"`preCheckDelay`\"\u003e`preCheckDelay`\u003c/span\u003e.\n" }, "recursiveNameservers": { "type": "array", "items": { "type": "string" }, "description": "The recursive nameservers that will be\nused to check for propagation of DNS challenge records, in addition to some\nin-provider checks such as zone detection. Defaults to your system-configured\nDNS resolvers.\n" }, "renewalInfoExplanationUrl": { "type": "string", "description": "A URL that can be optionally supplied by an\nARI endpoint explaining the renewal window policy (see\n\u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e).\n" }, "renewalInfoIgnoreRetryAfter": { "type": "boolean", "description": "Ignores the retry interval\nsupplied by the ARI endpoint for re-fetching renewal window data. Should only\nbe used for testing. Default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n" }, "renewalInfoMaxSleep": { "type": "integer", "description": "The maximum amount of time, in seconds,\nthat the resource is willing to sleep during apply to reach a selected\nrenewal window time when \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e is set to \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e. Default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e.\n\n\u003e It's recommended to only use small values here (a few minutes maximum).\nUsing extremely high values increases the risk of resource timeouts. To prevent\nhard resource timeouts, the maximum value allowed here is 900 seconds, or 15\nminutes.\n" }, "renewalInfoRetryAfter": { "type": "string", "description": "A timestamp describing when ARI details will be\nrefreshed if already fetched (see \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e).\n" }, "renewalInfoWindowEnd": { "type": "string", "description": "The end of the discovered ARI renewal window (see\n\u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e).\n" }, "renewalInfoWindowSelected": { "type": "string", "description": "The selected time within the ARI renewal\nwindow that a certificate will be renewed, if\n\u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e is enabled.\n" }, "renewalInfoWindowStart": { "type": "string", "description": "The start of the discovered ARI renewal window\n(see \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e).\n" }, "revokeCertificateOnDestroy": { "type": "boolean", "description": "Enables revocation of a certificate upon destroy,\nwhich includes when a resource is re-created. Default is \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\n" }, "revokeCertificateReason": { "type": "string", "description": "Some CA's require a reason for revocation to be provided.\nUse this reason (from [RFC 5280, section 5.3.1](https://www.rfc-editor.org/rfc/rfc5280#section-5.3.1).\nBy default, no reason provided in revocation requests. The reason is a string, when provided should be one of:\n* unspecified\n* key-compromise\n* ca-compromise\n* affiliation-changed\n* superseded\n* cessation-of-operation\n* certificate-hold\n* remove-from-crl\n* privilege-withdrawn\n* aa-compromise\n" }, "subjectAlternativeNames": { "type": "array", "items": { "type": "string" }, "description": "The certificate's subject alternative names;\ndomains that this certificate will also be recognized for. Forces a new\nresource when changed.\n", "willReplaceOnChanges": true }, "tlsChallenge": { "$ref": "#/types/acme:index/CertificateTlsChallenge:CertificateTlsChallenge", "description": "Defines a TLS challenge to use in fulfilling the\nrequest.\n\n\u003e Only one of \u003cspan pulumi-lang-nodejs=\"`httpChallenge`\" pulumi-lang-dotnet=\"`HttpChallenge`\" pulumi-lang-go=\"`httpChallenge`\" pulumi-lang-python=\"`http_challenge`\" pulumi-lang-yaml=\"`httpChallenge`\" pulumi-lang-java=\"`httpChallenge`\"\u003e`httpChallenge`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`httpWebrootChallenge`\" pulumi-lang-dotnet=\"`HttpWebrootChallenge`\" pulumi-lang-go=\"`httpWebrootChallenge`\" pulumi-lang-python=\"`http_webroot_challenge`\" pulumi-lang-yaml=\"`httpWebrootChallenge`\" pulumi-lang-java=\"`httpWebrootChallenge`\"\u003e`httpWebrootChallenge`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`httpS3Challenge`\" pulumi-lang-dotnet=\"`HttpS3Challenge`\" pulumi-lang-go=\"`httpS3Challenge`\" pulumi-lang-python=\"`http_s3_challenge`\" pulumi-lang-yaml=\"`httpS3Challenge`\" pulumi-lang-java=\"`httpS3Challenge`\"\u003e`httpS3Challenge`\u003c/span\u003e\nand \u003cspan pulumi-lang-nodejs=\"`httpMemcachedChallenge`\" pulumi-lang-dotnet=\"`HttpMemcachedChallenge`\" pulumi-lang-go=\"`httpMemcachedChallenge`\" pulumi-lang-python=\"`http_memcached_challenge`\" pulumi-lang-yaml=\"`httpMemcachedChallenge`\" pulumi-lang-java=\"`httpMemcachedChallenge`\"\u003e`httpMemcachedChallenge`\u003c/span\u003e can be defined at once. See the section on\nUsing HTTP and TLS challenges for more\ndetails on using these and \u003cspan pulumi-lang-nodejs=\"`tlsChallenge`\" pulumi-lang-dotnet=\"`TlsChallenge`\" pulumi-lang-go=\"`tlsChallenge`\" pulumi-lang-python=\"`tls_challenge`\" pulumi-lang-yaml=\"`tlsChallenge`\" pulumi-lang-java=\"`tlsChallenge`\"\u003e`tlsChallenge`\u003c/span\u003e.\n" }, "useRenewalInfo": { "type": "boolean", "description": "When enabled, use information available from\nthe CA's ACME Renewal Information (ARI) endpoint for renewing certificates.\nDefault: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e.\n\n\u003e More detail on ARI can be found in [RFC\n9773](https://datatracker.ietf.org/doc/rfc9773/).\n\n\u003e Note that \u003cspan pulumi-lang-nodejs=\"`useRenewalInfo`\" pulumi-lang-dotnet=\"`UseRenewalInfo`\" pulumi-lang-go=\"`useRenewalInfo`\" pulumi-lang-python=\"`use_renewal_info`\" pulumi-lang-yaml=\"`useRenewalInfo`\" pulumi-lang-java=\"`useRenewalInfo`\"\u003e`useRenewalInfo`\u003c/span\u003e does not disable \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e! If the\nselected time within an ARI renewal window value cannot be reached at plan time\n(based on the current time plus the value of\n\u003cspan pulumi-lang-nodejs=\"`renewalInfoMaxSleep`\" pulumi-lang-dotnet=\"`RenewalInfoMaxSleep`\" pulumi-lang-go=\"`renewalInfoMaxSleep`\" pulumi-lang-python=\"`renewal_info_max_sleep`\" pulumi-lang-yaml=\"`renewalInfoMaxSleep`\" pulumi-lang-java=\"`renewalInfoMaxSleep`\"\u003e`renewalInfoMaxSleep`\u003c/span\u003e), or if the CA has no ARI\nendpoint, renewal behavior will fall back to comparing the certificate expiry\ntime with the value in \u003cspan pulumi-lang-nodejs=\"`minDaysRemaining`\" pulumi-lang-dotnet=\"`MinDaysRemaining`\" pulumi-lang-go=\"`minDaysRemaining`\" pulumi-lang-python=\"`min_days_remaining`\" pulumi-lang-yaml=\"`minDaysRemaining`\" pulumi-lang-java=\"`minDaysRemaining`\"\u003e`minDaysRemaining`\u003c/span\u003e. This means for short-lived\ncertificates, you may wish to turn this value down so that the settings do not\nconflict, or consider using \u003cspan pulumi-lang-nodejs=\"`minDaysDynamic`\" pulumi-lang-dotnet=\"`MinDaysDynamic`\" pulumi-lang-go=\"`minDaysDynamic`\" pulumi-lang-python=\"`min_days_dynamic`\" pulumi-lang-yaml=\"`minDaysDynamic`\" pulumi-lang-java=\"`minDaysDynamic`\"\u003e`minDaysDynamic`\u003c/span\u003e instead.\n" }, "validityDays": { "type": "integer", "description": "The desired validity duration for the\ncertificate, in days (e.g., \u003cspan pulumi-lang-nodejs=\"`7`\" pulumi-lang-dotnet=\"`7`\" pulumi-lang-go=\"`7`\" pulumi-lang-python=\"`7`\" pulumi-lang-yaml=\"`7`\" pulumi-lang-java=\"`7`\"\u003e`7`\u003c/span\u003e for 7 days, \u003cspan pulumi-lang-nodejs=\"`90`\" pulumi-lang-dotnet=\"`90`\" pulumi-lang-go=\"`90`\" pulumi-lang-python=\"`90`\" pulumi-lang-yaml=\"`90`\" pulumi-lang-java=\"`90`\"\u003e`90`\u003c/span\u003e for 90 days). Changing this\nvalue triggers a certificate renewal.\n\n\u003e Note that not all ACME CAs support user-set certificate durations; most\nfamously, [Let's Encrypt does\nnot](https://github.com/letsencrypt/boulder/blob/main/docs/acme-divergences.md#section-74).\nCheck with your CA to ensure this feature is supported before using it.\n" } }, "type": "object" } }, "acme:index/registration:Registration": { "description": "## #\u003cspan pulumi-lang-nodejs=\" acme.Registration\n\" pulumi-lang-dotnet=\" acme.Registration\n\" pulumi-lang-go=\" Registration\n\" pulumi-lang-python=\" Registration\n\" pulumi-lang-yaml=\" acme.Registration\n\" pulumi-lang-java=\" acme.Registration\n\"\u003e acme.Registration\n\u003c/span\u003e\nThe \u003cspan pulumi-lang-nodejs=\"`acme.Registration`\" pulumi-lang-dotnet=\"`acme.Registration`\" pulumi-lang-go=\"`Registration`\" pulumi-lang-python=\"`Registration`\" pulumi-lang-yaml=\"`acme.Registration`\" pulumi-lang-java=\"`acme.Registration`\"\u003e`acme.Registration`\u003c/span\u003e resource can be used to create and manage accounts on an\nACME server. Once registered, the same private key that has been used for\nregistration can be used to request authorizations for certificates.\n\n\u003e This resource is named \u003cspan pulumi-lang-nodejs=\"`acme.Registration`\" pulumi-lang-dotnet=\"`acme.Registration`\" pulumi-lang-go=\"`Registration`\" pulumi-lang-python=\"`Registration`\" pulumi-lang-yaml=\"`acme.Registration`\" pulumi-lang-java=\"`acme.Registration`\"\u003e`acme.Registration`\u003c/span\u003e for historical reasons - in the\nACME v1 spec, a _registration_ referred to the account entity. This resource\nname is stable and there are no plans to change it.\n\n\u003e Keep in mind that when using this resource along with\n[\u003cspan pulumi-lang-nodejs=\"`acme.Certificate`\" pulumi-lang-dotnet=\"`acme.Certificate`\" pulumi-lang-go=\"`Certificate`\" pulumi-lang-python=\"`Certificate`\" pulumi-lang-yaml=\"`acme.Certificate`\" pulumi-lang-java=\"`acme.Certificate`\"\u003e`acme.Certificate`\u003c/span\u003e][resource-certificate] within the same configuration, a\nchange in the provider-level \u003cspan pulumi-lang-nodejs=\"`serverUrl`\" pulumi-lang-dotnet=\"`ServerUrl`\" pulumi-lang-go=\"`serverUrl`\" pulumi-lang-python=\"`server_url`\" pulumi-lang-yaml=\"`serverUrl`\" pulumi-lang-java=\"`serverUrl`\"\u003e`serverUrl`\u003c/span\u003e (example: from the Let's Encrypt\nstaging to production environment) within the same Terraform state will result\nin a resource failure, as Terraform will attempt to look for the account in the\nwrong CA. Consider different workspaces per environment, and/or using [multiple\nprovider instances][multiple-provider-instances].\n\n[multiple-provider-instances]: https://www.terraform.io/docs/configuration/providers.html#alias-multiple-provider-configurations\n[resource-certificate]: ./certificate.md\n\n## Example\n\n### Basic Example\n\nThe following is the most basic example. In this case, the account private key\nis managed for you.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as acme from \"@pulumiverse/acme\";\n\nconst reg = new acme.Registration(\"reg\", {});\n```\n```python\nimport pulumi\nimport pulumiverse_acme as acme\n\nreg = acme.Registration(\"reg\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Acme = Pulumiverse.Acme;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var reg = new Acme.Registration(\"reg\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-acme/sdk/go/acme\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acme.NewRegistration(ctx, \"reg\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.acme.Registration;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var reg = new Registration(\"reg\");\n\n }\n}\n```\n```yaml\nresources:\n reg:\n type: acme:Registration\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Using a Pre-Existing Private Key\n\nThe following creates an account off of a private key generated with the\n[\u003cspan pulumi-lang-nodejs=\"`tlsPrivateKey`\" pulumi-lang-dotnet=\"`TlsPrivateKey`\" pulumi-lang-go=\"`tlsPrivateKey`\" pulumi-lang-python=\"`tls_private_key`\" pulumi-lang-yaml=\"`tlsPrivateKey`\" pulumi-lang-java=\"`tlsPrivateKey`\"\u003e`tlsPrivateKey`\u003c/span\u003e][resource-tls-private-key] resource.\n\n[resource-tls-private-key]: https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as acme from \"@pulumiverse/acme\";\nimport * as tls from \"@pulumi/tls\";\n\nconst privateKey = new tls.index.PrivateKey(\"private_key\", {algorithm: \"RSA\"});\nconst reg = new acme.Registration(\"reg\", {accountKeyPem: privateKey.privateKeyPem});\n```\n```python\nimport pulumi\nimport pulumi_tls as tls\nimport pulumiverse_acme as acme\n\nprivate_key = tls.index.PrivateKey(\"private_key\", algorithm=RSA)\nreg = acme.Registration(\"reg\", account_key_pem=private_key[\"privateKeyPem\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Acme = Pulumiverse.Acme;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var privateKey = new Tls.Index.PrivateKey(\"private_key\", new()\n {\n Algorithm = \"RSA\",\n });\n\n var reg = new Acme.Registration(\"reg\", new()\n {\n AccountKeyPem = privateKey.PrivateKeyPem,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-tls/sdk/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-acme/sdk/go/acme\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprivateKey, err := tls.NewPrivateKey(ctx, \"private_key\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: \"RSA\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acme.NewRegistration(ctx, \"reg\", \u0026acme.RegistrationArgs{\n\t\t\tAccountKeyPem: privateKey.PrivateKeyPem,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.acme.Registration;\nimport com.pulumi.acme.RegistrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var privateKey = new PrivateKey(\"privateKey\", PrivateKeyArgs.builder()\n .algorithm(\"RSA\")\n .build());\n\n var reg = new Registration(\"reg\", RegistrationArgs.builder()\n .accountKeyPem(privateKey.privateKeyPem())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n privateKey:\n type: tls:PrivateKey\n name: private_key\n properties:\n algorithm: RSA\n reg:\n type: acme:Registration\n properties:\n accountKeyPem: ${privateKey.privateKeyPem}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n#### Argument Reference\n\n\u003e **NOTE:** All arguments in \u003cspan pulumi-lang-nodejs=\"`acme.Registration`\" pulumi-lang-dotnet=\"`acme.Registration`\" pulumi-lang-go=\"`Registration`\" pulumi-lang-python=\"`Registration`\" pulumi-lang-yaml=\"`acme.Registration`\" pulumi-lang-java=\"`acme.Registration`\"\u003e`acme.Registration`\u003c/span\u003e force a new resource if\nchanged.\n\nThe resource takes the following arguments:\n\n* \u003cspan pulumi-lang-nodejs=\"`accountKeyPem`\" pulumi-lang-dotnet=\"`AccountKeyPem`\" pulumi-lang-go=\"`accountKeyPem`\" pulumi-lang-python=\"`account_key_pem`\" pulumi-lang-yaml=\"`accountKeyPem`\" pulumi-lang-java=\"`accountKeyPem`\"\u003e`accountKeyPem`\u003c/span\u003e (Optional) - The private key used to identify the account.\n If not provided, the key will be generated according to the\n \u003cspan pulumi-lang-nodejs=\"`accountKeyAlgorithm`\" pulumi-lang-dotnet=\"`AccountKeyAlgorithm`\" pulumi-lang-go=\"`accountKeyAlgorithm`\" pulumi-lang-python=\"`account_key_algorithm`\" pulumi-lang-yaml=\"`accountKeyAlgorithm`\" pulumi-lang-java=\"`accountKeyAlgorithm`\"\u003e`accountKeyAlgorithm`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`accountKeyEcdsaCurve`\" pulumi-lang-dotnet=\"`AccountKeyEcdsaCurve`\" pulumi-lang-go=\"`accountKeyEcdsaCurve`\" pulumi-lang-python=\"`account_key_ecdsa_curve`\" pulumi-lang-yaml=\"`accountKeyEcdsaCurve`\" pulumi-lang-java=\"`accountKeyEcdsaCurve`\"\u003e`accountKeyEcdsaCurve`\u003c/span\u003e, and\n \u003cspan pulumi-lang-nodejs=\"`accountKeyRsaBits`\" pulumi-lang-dotnet=\"`AccountKeyRsaBits`\" pulumi-lang-go=\"`accountKeyRsaBits`\" pulumi-lang-python=\"`account_key_rsa_bits`\" pulumi-lang-yaml=\"`accountKeyRsaBits`\" pulumi-lang-java=\"`accountKeyRsaBits`\"\u003e`accountKeyRsaBits`\u003c/span\u003e settings.\n* \u003cspan pulumi-lang-nodejs=\"`accountKeyAlgorithm`\" pulumi-lang-dotnet=\"`AccountKeyAlgorithm`\" pulumi-lang-go=\"`accountKeyAlgorithm`\" pulumi-lang-python=\"`account_key_algorithm`\" pulumi-lang-yaml=\"`accountKeyAlgorithm`\" pulumi-lang-java=\"`accountKeyAlgorithm`\"\u003e`accountKeyAlgorithm`\u003c/span\u003e (Optional) - The algorithm to use for the private key\n when generating from scratch. Supported settings: `RSA` and `EDCSA`. Default\n settings: `ECDSA`.\n* \u003cspan pulumi-lang-nodejs=\"`accountKeyEcdsaCurve`\" pulumi-lang-dotnet=\"`AccountKeyEcdsaCurve`\" pulumi-lang-go=\"`accountKeyEcdsaCurve`\" pulumi-lang-python=\"`account_key_ecdsa_curve`\" pulumi-lang-yaml=\"`accountKeyEcdsaCurve`\" pulumi-lang-java=\"`accountKeyEcdsaCurve`\"\u003e`accountKeyEcdsaCurve`\u003c/span\u003e (Optional) - ECDSA curve to use for ECDSA key\n types. Supported settings: `P256` and `P384`. Default: `P384`.\n* \u003cspan pulumi-lang-nodejs=\"`accountKeyRsaBits`\" pulumi-lang-dotnet=\"`AccountKeyRsaBits`\" pulumi-lang-go=\"`accountKeyRsaBits`\" pulumi-lang-python=\"`account_key_rsa_bits`\" pulumi-lang-yaml=\"`accountKeyRsaBits`\" pulumi-lang-java=\"`accountKeyRsaBits`\"\u003e`accountKeyRsaBits`\u003c/span\u003e (Optional) - The key length to use for RSA key types.\n Supported settings: \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`3072`\" pulumi-lang-dotnet=\"`3072`\" pulumi-lang-go=\"`3072`\" pulumi-lang-python=\"`3072`\" pulumi-lang-yaml=\"`3072`\" pulumi-lang-java=\"`3072`\"\u003e`3072`\u003c/span\u003e, and \u003cspan pulumi-lang-nodejs=\"`4096`\" pulumi-lang-dotnet=\"`4096`\" pulumi-lang-go=\"`4096`\" pulumi-lang-python=\"`4096`\" pulumi-lang-yaml=\"`4096`\" pulumi-lang-java=\"`4096`\"\u003e`4096`\u003c/span\u003e. Default: \u003cspan pulumi-lang-nodejs=\"`4096`\" pulumi-lang-dotnet=\"`4096`\" pulumi-lang-go=\"`4096`\" pulumi-lang-python=\"`4096`\" pulumi-lang-yaml=\"`4096`\" pulumi-lang-java=\"`4096`\"\u003e`4096`\u003c/span\u003e.\n* \u003cspan pulumi-lang-nodejs=\"`emailAddress`\" pulumi-lang-dotnet=\"`EmailAddress`\" pulumi-lang-go=\"`emailAddress`\" pulumi-lang-python=\"`email_address`\" pulumi-lang-yaml=\"`emailAddress`\" pulumi-lang-java=\"`emailAddress`\"\u003e`emailAddress`\u003c/span\u003e (Optional) - The contact email address for the account.\n\n\u003e Note that Let's Encrypt no longer sends expiry emails, and only uses this\nfield for possible email list onboarding (see\n\u003chttps://letsencrypt.org/2025/06/26/expiration-notification-service-has-ended\u003e).\nAs such, it is not recommended to set this field when using Let's Encrypt.\nOther CAs may or may not require this field - consult the documentation of the\nCA you are using in this case.\n\n* \u003cspan pulumi-lang-nodejs=\"`externalAccountBinding`\" pulumi-lang-dotnet=\"`ExternalAccountBinding`\" pulumi-lang-go=\"`externalAccountBinding`\" pulumi-lang-python=\"`external_account_binding`\" pulumi-lang-yaml=\"`externalAccountBinding`\" pulumi-lang-java=\"`externalAccountBinding`\"\u003e`externalAccountBinding`\u003c/span\u003e (Optional) - An external account binding for the\n registration, usually used to link the registration with an account in a\n commercial CA. Sub-options are:\n - \u003cspan pulumi-lang-nodejs=\"`keyId`\" pulumi-lang-dotnet=\"`KeyId`\" pulumi-lang-go=\"`keyId`\" pulumi-lang-python=\"`key_id`\" pulumi-lang-yaml=\"`keyId`\" pulumi-lang-java=\"`keyId`\"\u003e`keyId`\u003c/span\u003e (Required): The key ID for the external account binding.\n - \u003cspan pulumi-lang-nodejs=\"`hmacBase64`\" pulumi-lang-dotnet=\"`HmacBase64`\" pulumi-lang-go=\"`hmacBase64`\" pulumi-lang-python=\"`hmac_base64`\" pulumi-lang-yaml=\"`hmacBase64`\" pulumi-lang-java=\"`hmacBase64`\"\u003e`hmacBase64`\u003c/span\u003e (Required): The base64-encoded message authentication code\n for the external account binding.\n\n#### Attribute Reference\n\nThe following attributes are exported:\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e: The original full URL of the account.\n* \u003cspan pulumi-lang-nodejs=\"`accountKeyPem`\" pulumi-lang-dotnet=\"`AccountKeyPem`\" pulumi-lang-go=\"`accountKeyPem`\" pulumi-lang-python=\"`account_key_pem`\" pulumi-lang-yaml=\"`accountKeyPem`\" pulumi-lang-java=\"`accountKeyPem`\"\u003e`accountKeyPem`\u003c/span\u003e: The private key used to identify the account (will be\n generated if not provided).\n* \u003cspan pulumi-lang-nodejs=\"`registrationUrl`\" pulumi-lang-dotnet=\"`RegistrationUrl`\" pulumi-lang-go=\"`registrationUrl`\" pulumi-lang-python=\"`registration_url`\" pulumi-lang-yaml=\"`registrationUrl`\" pulumi-lang-java=\"`registrationUrl`\"\u003e`registrationUrl`\u003c/span\u003e: The current full URL of the account.\n\n\u003e \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e and \u003cspan pulumi-lang-nodejs=\"`registrationUrl`\" pulumi-lang-dotnet=\"`RegistrationUrl`\" pulumi-lang-go=\"`registrationUrl`\" pulumi-lang-python=\"`registration_url`\" pulumi-lang-yaml=\"`registrationUrl`\" pulumi-lang-java=\"`registrationUrl`\"\u003e`registrationUrl`\u003c/span\u003e will usually be the same and will usually only\ndiverge when migrating protocols, ie: ACME v1 to v2.\n", "properties": { "accountKeyAlgorithm": { "type": "string" }, "accountKeyEcdsaCurve": { "type": "string" }, "accountKeyPem": { "type": "string", "secret": true }, "accountKeyRsaBits": { "type": "integer" }, "emailAddress": { "type": "string" }, "externalAccountBinding": { "$ref": "#/types/acme:index/RegistrationExternalAccountBinding:RegistrationExternalAccountBinding" }, "registrationUrl": { "type": "string" } }, "required": [ "accountKeyPem", "registrationUrl" ], "inputProperties": { "accountKeyAlgorithm": { "type": "string", "willReplaceOnChanges": true }, "accountKeyEcdsaCurve": { "type": "string", "willReplaceOnChanges": true }, "accountKeyPem": { "type": "string", "secret": true, "willReplaceOnChanges": true }, "accountKeyRsaBits": { "type": "integer", "willReplaceOnChanges": true }, "emailAddress": { "type": "string", "willReplaceOnChanges": true }, "externalAccountBinding": { "$ref": "#/types/acme:index/RegistrationExternalAccountBinding:RegistrationExternalAccountBinding", "willReplaceOnChanges": true } }, "stateInputs": { "description": "Input properties used for looking up and filtering Registration resources.\n", "properties": { "accountKeyAlgorithm": { "type": "string", "willReplaceOnChanges": true }, "accountKeyEcdsaCurve": { "type": "string", "willReplaceOnChanges": true }, "accountKeyPem": { "type": "string", "secret": true, "willReplaceOnChanges": true }, "accountKeyRsaBits": { "type": "integer", "willReplaceOnChanges": true }, "emailAddress": { "type": "string", "willReplaceOnChanges": true }, "externalAccountBinding": { "$ref": "#/types/acme:index/RegistrationExternalAccountBinding:RegistrationExternalAccountBinding", "willReplaceOnChanges": true }, "registrationUrl": { "type": "string" } }, "type": "object" } } }, "functions": { "acme:index/getServerUrl:getServerUrl": { "description": "## #\u003cspan pulumi-lang-nodejs=\" acme.getServerUrl\n\" pulumi-lang-dotnet=\" acme.getServerUrl\n\" pulumi-lang-go=\" getServerUrl\n\" pulumi-lang-python=\" get_server_url\n\" pulumi-lang-yaml=\" acme.getServerUrl\n\" pulumi-lang-java=\" acme.getServerUrl\n\"\u003e acme.getServerUrl\n\u003c/span\u003e\nThe \u003cspan pulumi-lang-nodejs=\"`acme.getServerUrl`\" pulumi-lang-dotnet=\"`acme.getServerUrl`\" pulumi-lang-go=\"`getServerUrl`\" pulumi-lang-python=\"`get_server_url`\" pulumi-lang-yaml=\"`acme.getServerUrl`\" pulumi-lang-java=\"`acme.getServerUrl`\"\u003e`acme.getServerUrl`\u003c/span\u003e data source can be used to retrieve the CA server URL\nthat the provider is currently configured for.\n\n## Example\n\nThe following example populates the \u003cspan pulumi-lang-nodejs=\"`serverUrl`\" pulumi-lang-dotnet=\"`ServerUrl`\" pulumi-lang-go=\"`serverUrl`\" pulumi-lang-python=\"`server_url`\" pulumi-lang-yaml=\"`serverUrl`\" pulumi-lang-java=\"`serverUrl`\"\u003e`serverUrl`\u003c/span\u003e output with the currently\nconfigured CA server URL.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as acme from \"@pulumiverse/acme\";\n\nconst url = acme.getServerUrl({});\nexport const serverUrl = url.then(url =\u003e url.serverUrl);\n```\n```python\nimport pulumi\nimport pulumi_acme as acme\n\nurl = acme.get_server_url()\npulumi.export(\"serverUrl\", url.server_url)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Acme = Pulumiverse.Acme;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var url = Acme.GetServerUrl.Invoke();\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"serverUrl\"] = url.Apply(getServerUrlResult =\u003e getServerUrlResult.ServerUrl),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-acme/sdk/go/acme\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\turl, err := acme.GetServerUrl(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"serverUrl\", url.ServerUrl)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.acme.AcmeFunctions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var url = AcmeFunctions.getServerUrl(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);\n\n ctx.export(\"serverUrl\", url.serverUrl());\n }\n}\n```\n```yaml\nvariables:\n url:\n fn::invoke:\n function: acme:getServerUrl\n arguments: {}\noutputs:\n serverUrl: ${url.serverUrl}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n#### Argument Reference\n\nThis data source takes no arguments.\n\n#### Attribute Reference\n\nThe following attributes are exported:\n\n* \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e: the CA server URL that the provider is currently configured for. \n* \u003cspan pulumi-lang-nodejs=\"`serverUrl`\" pulumi-lang-dotnet=\"`ServerUrl`\" pulumi-lang-go=\"`serverUrl`\" pulumi-lang-python=\"`server_url`\" pulumi-lang-yaml=\"`serverUrl`\" pulumi-lang-java=\"`serverUrl`\"\u003e`serverUrl`\u003c/span\u003e: the CA server URL that the provider is currently configured\n for. Same as \u003cspan pulumi-lang-nodejs=\"`id`\" pulumi-lang-dotnet=\"`Id`\" pulumi-lang-go=\"`id`\" pulumi-lang-python=\"`id`\" pulumi-lang-yaml=\"`id`\" pulumi-lang-java=\"`id`\"\u003e`id`\u003c/span\u003e.\n", "outputs": { "description": "A collection of values returned by getServerUrl.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.", "type": "string" }, "serverUrl": { "type": "string" } }, "required": [ "serverUrl", "id" ], "type": "object" } }, "pulumi:providers:acme/terraformConfig": { "description": "This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.", "inputs": { "properties": { "__self__": { "type": "ref", "$ref": "#/provider" } }, "type": "pulumi:providers:acme/terraformConfig", "required": [ "__self__" ] }, "outputs": { "properties": { "result": { "additionalProperties": { "$ref": "pulumi.json#/Any" }, "type": "object" } }, "required": [ "result" ], "type": "object" } } } }