TLS Certificates

Upload your own TLS certificate to terminate MQTTS on your custom domain.

Upload a certificate

IOTMER accepts PEM or PFX (PKCS#12) format.

PEM upload

1. Go to Domains → Certificates → Upload
2. Paste or upload your certificate chain (fullchain.pem) and private key
3. Click Upload

PFX upload

First parse the PFX to extract the components:

POST /workspaces/{id}/certificates/parse-pfx
Content-Type: multipart/form-data

file=<your.pfx>
passphrase=<optional>

Then upload the extracted certificate and key.

Deploy a certificate

After uploading, attach the certificate to a domain:

1. Go to Domains → Certificates
2. Click Deploy next to the certificate
3. Select the domain to attach it to

POST /workspaces/{id}/certificates/{cert_id}/deployments
Content-Type: application/json

{ "domain_id": "<domain-ulid>" }

Certificate expiry

Monitor expiry dates in the Certificates list. IOTMER does not auto-renew — you must upload a new certificate before expiry and redeploy.

Let's Encrypt

If you use Let's Encrypt, automate renewal with certbot and update the certificate via the API on renewal.

API

• GET /workspaces/{id}/certificates
• POST /workspaces/{id}/certificates
• GET /workspaces/{id}/certificates/{cert_id}