ol.clave.automation.impl.config

resolve-config

(resolve-config system domain)

Merge global config with per-domain overrides.

Returns the resolved configuration for a specific domain by merging the global config with any per-domain overrides from config-fn.

If config-fn is nil or returns nil, returns the global config unchanged.

| key | description |
| --- | --- |
| system | System map containing :config and optional :config-fn |
| domain | Domain name to resolve configuration for |


select-issuer

(select-issuer config)

Select issuers based on the issuer-selection policy.

Returns the issuers in the appropriate order based on :issuer-selection:

- :in-order (default) - return issuers in original order
- :shuffle - return issuers in random order

| key | description |
| --- | --- |
| config | Configuration with :issuers and optional :issuer-selection |


lets-encrypt-production-url

Let’s Encrypt production directory URL.


default-config

(default-config)

Returns the default configuration for the automation layer.

Default values:

- Issuer: Let’s Encrypt production
- Key type: P256 (ECDSA)
- OCSP: enabled, must-staple disabled
- ARI: enabled
- Key reuse: disabled
- Cache capacity: unlimited


issuer-key-from-url

(issuer-key-from-url url)

Extract issuer key from directory URL.

Returns a unique identifier for the issuer based on the URL’s host and path.

| key | description |
| --- | --- |
| url | ACME directory URL |


cert-storage-key

(cert-storage-key issuer-key domain)

Generate storage key for a certificate PEM file.

Format: certificates/{issuer-key}/{domain}/{domain}.crt

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |
| domain | Primary domain name |


key-storage-key

(key-storage-key issuer-key domain)

Generate storage key for a private key PEM file.

Format: certificates/{issuer-key}/{domain}/{domain}.key

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |
| domain | Primary domain name |


meta-storage-key

(meta-storage-key issuer-key domain)

Generate storage key for certificate metadata EDN file.

Format: certificates/{issuer-key}/{domain}/{domain}.edn

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |
| domain | Primary domain name |


certs-prefix

(certs-prefix issuer-key)

Generate storage prefix for listing certificates under an issuer.

Format: certificates/{issuer-key}

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |


account-private-key-storage-key

(account-private-key-storage-key issuer-key)

Generate storage key for an account private key PEM file.

Format: accounts/{issuer-key}/account.key

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |


account-public-key-storage-key

(account-public-key-storage-key issuer-key)

Generate storage key for an account public key PEM file.

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |


account-registration-storage-key

(account-registration-storage-key issuer-key)

Generate storage key for account registration EDN.

Format: accounts/{issuer-key}/registration.edn

Contains the account KID (URL) returned by the CA after registration, allowing subsequent operations to skip the newAccount call.


ocsp-storage-key

(ocsp-storage-key issuer-key domain)

Generate storage key for an OCSP staple file.

Format: certificates/{issuer-key}/{domain}/{domain}.ocsp

The OCSP staple is stored as raw DER-encoded bytes.

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |
| domain | Primary domain name |


compromised-key-storage-key

(compromised-key-storage-key domain timestamp)

Generate storage key for archiving a compromised private key.

Format: keys/{domain}.compromised.{timestamp}

Compromised keys are archived for audit purposes and never reused.

| key | description |
| --- | --- |
| domain | Primary domain name |
| timestamp | ISO-8601 timestamp when key was marked compromised |


ari-storage-key

(ari-storage-key issuer-key domain)

Generate storage key for ARI (ACME Renewal Information) data.

Format: certificates/{issuer-key}/{domain}/{domain}.ari.edn

The ARI data is stored as EDN containing suggested-window, selected-time, and retry-after.

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |
| domain | Primary domain name |


challenge-token-storage-key

(challenge-token-storage-key issuer-key identifier)

Generate storage key for a challenge token (distributed solving).

Format: challenge_tokens/{issuer-key}/{identifier}.edn

Used to store challenge data so any instance in a cluster can serve the challenge response for HTTP-01 or TLS-ALPN-01 validation.

| key | description |
| --- | --- |
| issuer-key | Issuer identifier (hostname from directory URL) |
| identifier | Domain or IP address being validated |


select-chain

(select-chain preference chains)

Select a certificate chain based on preference.

Preferences:

- :any (default) - return first chain offered
- :shortest - return chain with fewest certificates
- {:root "Root CA Name"} - return chain with matching root name

Returns nil if chains is empty. Falls back to first chain if root name not found.

| key | description |
| --- | --- |
| preference | Chain preference (:any, :shortest, or {:root name}) |
| chains | Sequence of chain maps with :chain (certs) and :root-name |
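
The select-chain preference rules, as an added example: a hypothetical re-implementation written for this page, not ol.clave's own source. The names `select-chain*` and `root-fallback?` are assumptions and the sample chains are constructed. It also shows how a caller can detect the documented fallback, since a `{:root name}` preference that matches nothing still returns a chain.

```clojure
(ns example.chain-selection)

;; Added illustration of the documented rules; not ol.clave's own source.
(defn select-chain*
  "Hypothetical re-implementation: :any, :shortest or {:root name}."
  [preference chains]
  (let [root (when (map? preference) (:root preference))]
    (cond
      (empty? chains)          nil
      ;; sort-by is stable, so ties keep the order the CA offered them in
      (= :shortest preference) (first (sort-by (comp count :chain) chains))
      root                     (or (first (filter #(= root (:root-name %)) chains))
                                   (first chains))
      :else                    (first chains))))

(defn root-fallback?
  "True when a {:root name} preference was not honoured, i.e. the selected
  chain terminates at a different root than the one requested."
  [preference selected]
  (boolean (and (map? preference)
                (:root preference)
                selected
                (not= (:root preference) (:root-name selected)))))

;; Constructed sample data: certificate entries are placeholder strings.
(def offered
  [{:chain ["leaf" "intermediate-a" "cross-signed-root"] :root-name "Example Root A"}
   {:chain ["leaf" "intermediate-b"]                     :root-name "Example Root B"}])

(assert (= "Example Root A" (:root-name (select-chain* :any offered))))
(assert (= "Example Root B" (:root-name (select-chain* :shortest offered))))
(assert (= "Example Root B" (:root-name (select-chain* {:root "Example Root B"} offered))))
(assert (nil? (select-chain* :any [])))

;; An unknown root silently yields the first chain; surface that to operators.
(let [pref   {:root "Example Root Z"}
      chosen (select-chain* pref offered)]
  (assert (= "Example Root A" (:root-name chosen)))
  (assert (root-fallback? pref chosen)))
```

Because of the fallback, a `{:root name}` preference is an ordering hint and not a pin; deployments that require a specific root should compare the selected chain's :root-name against the requested name and log or reject a mismatch.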