create_certificate
Provision SSL certificates for domains across multiple providers. Automatically retrieves certificates from Porkbun or configures them via Cloudflare's Advanced Certificate Manager to secure websites with HTTPS.
Instructions
Provision SSL certificate. On Porkbun, retrieves auto-provisioned cert (no explicit create needed). On Cloudflare, requires Advanced Certificate Manager.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | ||
| provider | No | Provider name, or omit to auto-detect |
Implementation Reference
- src/tools/ssl.ts:11-15 (handler)Main handler function that executes the create_certificate tool logic. It resolves the provider for the domain, validates SSL support, and calls the provider's createCertificate method.
export async function handleCreateCertificate(input: { domain: string; provider?: string }, registry: ProviderRegistry) { const provider = input.provider ? registry.get(input.provider) : await registry.resolveProviderForDomain(input.domain); assertSsl(provider.name(), (f) => provider.supports(f)); return provider.createCertificate(input.domain); } - src/server.ts:199-210 (registration)Tool registration with MCP server. Defines the tool name 'create_certificate', description, input schema (domain and optional provider), and wires up the handleCreateCertificate handler.
server.tool('create_certificate', 'Provision SSL certificate. On Porkbun, retrieves auto-provisioned cert (no explicit create needed). On Cloudflare, requires Advanced Certificate Manager.', { domain: domainSchema, provider: z.string().optional().describe('Provider name, or omit to auto-detect'), }, async (input) => { try { const { handleCreateCertificate } = await import('./tools/ssl.js'); const result = await handleCreateCertificate(input as { domain: string; provider?: string }, registry); return { content: [{ type: 'text', text: JSON.stringify(result) }] }; } catch (err) { return { content: [{ type: 'text', text: formatErrorForAgent(err) }], isError: true }; } }); - src/providers/types.ts:99-99 (schema)Type definition for the createCertificate method in the Provider interface, specifying it takes a domain string and returns a Promise<Certificate>.
createCertificate(domain: string): Promise<Certificate>; - src/providers/types.ts:42-52 (schema)Certificate interface defining the return type structure with id, domain, status, optional timestamps, and certificate material (chain and private key).
export interface Certificate { id: string; domain: string; status: 'pending' | 'active' | 'expired' | 'failed'; expiresAt?: string; issuedAt?: string; /** PEM certificate chain (leaf + intermediates). Only returned by providers that expose certificate material (e.g. Porkbun). */ certificateChain?: string; /** PEM private key. Treat as a secret — store securely and do not log. Only returned by providers that expose certificate material (e.g. Porkbun). */ privateKey?: string; } - Concrete implementation of createCertificate for the Porkbun provider. Calls the client API and transforms the raw response into a Certificate object.
async createCertificate(domain: string): Promise<Certificate> { const raw = await this.client.createCertificate(domain) as { id: string; domain: string; status: string; certificate?: string; privatekey?: string }; return { id: raw.id, domain: raw.domain, status: raw.status as Certificate['status'], ...(raw.certificate ? { certificateChain: raw.certificate } : {}), ...(raw.privatekey ? { privateKey: raw.privatekey } : {}), }; }