POST /api/domain/complete-certificate/
Completes the Letβs Encrypt certificate request after the user has added the TXT record. This is Step 2 of the SSL flow.Purpose
This endpoint:- Validates the DNS challenge with Letβs Encrypt
- Issues the SSL certificate
- Imports the certificate to AWS ACM
- Attaches the certificate to CloudFront
Architecture
Internal Services
complete_certificate_request
Responds to the ACME challenge and retrieves the issued certificate. Location:src/app/apis/domain/shared/letsencrypt/certificate_service.py
attach_certificate_to_cloudfront
Updates the CloudFront distribution to use the new SSL certificate. Location:src/app/apis/domain/shared/letsencrypt/certificate_service.py
DNS Precheck
Before attempting the ACME challenge, the endpoint performs a best-effort DNS lookup against:- Cloudflare DNS (1.1.1.1)
- Google DNS (8.8.8.8)
Response Fields
| Field | Type | Description |
|---|---|---|
status | string | βsuccessβ or error |
proxy_status | string | Updated to βSSL_VALIDATEDβ |
certificate_arn | string | ACM certificate ARN |
message | string | Human-readable status message |