Certificate health in our API

We'll assume you've already got the API authentication settled and you have our API key with you.

Retrieving info on the certificate health

If a site has an enabled certificate health check you can get some info on the detected certificate /api/certificate-health endpoint. To use this endpoint you'll need to now the site id of your site. You can get all sites ids by calling the get all sites enpoint.

Here's an example where we get the certificate health of the site with ID 1.

$ curl https://ohdear.app/api/certificate-health/1 \
    -H 'Authorization: Bearer bgUKSWYL30iHg5w0WTDGHfubt5L1HBTr0atAehCeSqwNTqkU9rOmsNEmWf6Y' \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json'

The output will be an object with these 3 keys:

  • certificate_details: an array with some details on the detected certifcate
  • certificate_checks: an array with info on the checks we performed on the certificate
  • certificate_chain_issuers: an array containing the names of all the issuers in the certificate chain

Here's what it looks like.

{
   "certificate_details":{
      "issuer":"Let's Encrypt Authority X3",
      "valid_from":"2018-08-25 17:35:38",
      "valid_until":"2018-11-23 17:35:38"
   },
   "certificate_checks":[
      {
         "type":"expiresSoon",
         "label":"Will not expire in the next 14 days",
         "result":false
      },
      {
         "type":"invalidChain",
         "label":"Has a valid chain",
         "result":false
      },
      {
         "type":"coversWrongDomain",
         "label":"Covers the right domain",
         "result":false
      },
      {
         "type":"doesNotConnectWithRootCertificate",
         "label":"Connects with a root certificate",
         "result":false
      },
      {
         "type":"notYetActive",
         "label":"Is currently active",
         "result":false
      },
      {
         "type":"isSelfSigned",
         "label":"Is not self signed",
         "result":false
      },
      {
         "type":"usesInvalidHash",
         "label":"Uses valid hash",
         "result":false
      },
      {
         "type":"hasExpired",
         "label":"Has not expired",
         "result":false
      },
      {
         "type":"hasChanged",
         "label":"Unchanged since last checked",
         "result":false
      }
   ],
   "certificate_chain_issuers":[
      "US, Let's Encrypt, Let's Encrypt Authority X3",
      "Digital Signature Trust Co., DST Root CA X3"
   ]
}

To determine the overal health of the certificate, you can look at all the checks in the certificate_checks result. Those with a value of "result":true have a failed check.