naftiko: 1.0.0-alpha2 info: label: Let's Encrypt ACME API description: The ACME (Automatic Certificate Management Environment) protocol API used by Let's Encrypt to automate the issuance, renewal, and revocation of TLS certificates. Implements RFC 8555. tags: - Lets - Encrypt - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: lets-encrypt baseUri: https://acme-v02.api.letsencrypt.org description: Let's Encrypt ACME API HTTP API. resources: - name: directory path: /directory operations: - name: getdirectory method: GET description: Get ACME directory outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-new-acct path: /acme/new-acct operations: - name: newaccount method: POST description: Create or look up an account outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-acct-accountid path: /acme/acct/{accountId} operations: - name: updateaccount method: POST description: Update or deactivate account inputParameters: - name: accountId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-new-order path: /acme/new-order operations: - name: neworder method: POST description: Submit a new certificate order outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-order-orderid path: /acme/order/{orderId} operations: - name: getorder method: POST description: Get order status inputParameters: - name: orderId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-finalize-orderid path: /acme/finalize/{orderId} operations: - name: finalizeorder method: POST description: Finalize an order with a CSR inputParameters: - name: orderId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-authz-authzid path: /acme/authz/{authzId} operations: - name: getauthorization method: POST description: Get authorization status inputParameters: - name: authzId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-chall-challengeid path: /acme/chall/{challengeId} operations: - name: respondchallenge method: POST description: Respond to a challenge inputParameters: - name: challengeId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-cert-certid path: /acme/cert/{certId} operations: - name: getcertificate method: POST description: Download issued certificate inputParameters: - name: certId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-revoke-cert path: /acme/revoke-cert operations: - name: revokecertificate method: POST description: Revoke a certificate outputRawFormat: json outputParameters: - name: result type: object value: $. - name: acme-key-change path: /acme/key-change operations: - name: keychange method: POST description: Rotate account key outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: lets-encrypt-rest description: REST adapter for Let's Encrypt ACME API. resources: - path: /directory name: getdirectory operations: - method: GET name: getdirectory description: Get ACME directory call: lets-encrypt.getdirectory outputParameters: - type: object mapping: $. - path: /acme/new-acct name: newaccount operations: - method: POST name: newaccount description: Create or look up an account call: lets-encrypt.newaccount outputParameters: - type: object mapping: $. - path: /acme/acct/{accountId} name: updateaccount operations: - method: POST name: updateaccount description: Update or deactivate account call: lets-encrypt.updateaccount with: accountId: rest.accountId outputParameters: - type: object mapping: $. - path: /acme/new-order name: neworder operations: - method: POST name: neworder description: Submit a new certificate order call: lets-encrypt.neworder outputParameters: - type: object mapping: $. - path: /acme/order/{orderId} name: getorder operations: - method: POST name: getorder description: Get order status call: lets-encrypt.getorder with: orderId: rest.orderId outputParameters: - type: object mapping: $. - path: /acme/finalize/{orderId} name: finalizeorder operations: - method: POST name: finalizeorder description: Finalize an order with a CSR call: lets-encrypt.finalizeorder with: orderId: rest.orderId outputParameters: - type: object mapping: $. - path: /acme/authz/{authzId} name: getauthorization operations: - method: POST name: getauthorization description: Get authorization status call: lets-encrypt.getauthorization with: authzId: rest.authzId outputParameters: - type: object mapping: $. - path: /acme/chall/{challengeId} name: respondchallenge operations: - method: POST name: respondchallenge description: Respond to a challenge call: lets-encrypt.respondchallenge with: challengeId: rest.challengeId outputParameters: - type: object mapping: $. - path: /acme/cert/{certId} name: getcertificate operations: - method: POST name: getcertificate description: Download issued certificate call: lets-encrypt.getcertificate with: certId: rest.certId outputParameters: - type: object mapping: $. - path: /acme/revoke-cert name: revokecertificate operations: - method: POST name: revokecertificate description: Revoke a certificate call: lets-encrypt.revokecertificate outputParameters: - type: object mapping: $. - path: /acme/key-change name: keychange operations: - method: POST name: keychange description: Rotate account key call: lets-encrypt.keychange outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: lets-encrypt-mcp transport: http description: MCP adapter for Let's Encrypt ACME API for AI agent use. tools: - name: getdirectory description: Get ACME directory hints: readOnly: true destructive: false idempotent: true call: lets-encrypt.getdirectory outputParameters: - type: object mapping: $. - name: newaccount description: Create or look up an account hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.newaccount outputParameters: - type: object mapping: $. - name: updateaccount description: Update or deactivate account hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.updateaccount with: accountId: tools.accountId inputParameters: - name: accountId type: string description: accountId required: true outputParameters: - type: object mapping: $. - name: neworder description: Submit a new certificate order hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.neworder outputParameters: - type: object mapping: $. - name: getorder description: Get order status hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.getorder with: orderId: tools.orderId inputParameters: - name: orderId type: string description: orderId required: true outputParameters: - type: object mapping: $. - name: finalizeorder description: Finalize an order with a CSR hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.finalizeorder with: orderId: tools.orderId inputParameters: - name: orderId type: string description: orderId required: true outputParameters: - type: object mapping: $. - name: getauthorization description: Get authorization status hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.getauthorization with: authzId: tools.authzId inputParameters: - name: authzId type: string description: authzId required: true outputParameters: - type: object mapping: $. - name: respondchallenge description: Respond to a challenge hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.respondchallenge with: challengeId: tools.challengeId inputParameters: - name: challengeId type: string description: challengeId required: true outputParameters: - type: object mapping: $. - name: getcertificate description: Download issued certificate hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.getcertificate with: certId: tools.certId inputParameters: - name: certId type: string description: certId required: true outputParameters: - type: object mapping: $. - name: revokecertificate description: Revoke a certificate hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.revokecertificate outputParameters: - type: object mapping: $. - name: keychange description: Rotate account key hints: readOnly: false destructive: false idempotent: false call: lets-encrypt.keychange outputParameters: - type: object mapping: $.