Understanding the configurations

Terraform configuration files such as main.tf, variables.tf, output.tf, and terraform.auto.tfvars are provided as examples to quickly start using the Sectigo Terraform provider.

Terraform, provider and resource blocks

The configuration file main.tf provides examples of terraform, provider, and resource blocks.

terraform {
  required_providers {
    sectigo = {
      source  = "<my_domain>/<my_namespace>/sectigo"
      version = ">= 2.x.x"
    }
  }
}

provider "sectigo" {
  username     = var.SECTIGO_CM_LOGIN
  password     = var.SECTIGO_CM_PWD
  customer_uri = var.SECTIGO_CM_CUSTOMERURI
}

resource "sectigo_certificate" "ssl_certificate" {
  base_url = var.sectigo_ssl_cert_cm_base_url
  orgid    = var.sectigo_cm_org_id

  cert_file_path   = var.sectigo_ssl_cert_file_path
  cert_file_name   = var.sectigo_ssl_cert_file_name
  cert_type        = var.sectigo_ssl_cert_type
  cert_config_type = var.sectigo_ssl_cert_config_type
  cert_validity    = var.sectigo_ssl_cert_validity

  # ...and so on.
}

Configuration reference

The following attributes are contained in the provider block and provide the credentials for connecting to SCM.

| Argument | Environment Variable | Type | Description |
|---|---|---|---|
| username | TF_VAR_SECTIGO_CM_USER | Mandatory | The user’s Sectigo username |
| password | TF_VAR_SECTIGO_CM_PASSWORD | Conditional | The user’s Sectigo password. Required for password authentication to SCM. |
| customer_uri | TF_VAR_SECTIGO_CM_URI | Mandatory | The user’s Sectigo URL |
| auth_type | TF_VAR_SECTIGO_CM_AUTH_TYPE | Conditional | Authentication type to use. Defaults to password. Required for client certificate authentication, with the value client_cert. |
| client_cert | TF_VAR_SECTIGO_CM_CLIENT_CERT | Conditional | Client certificate to use for authentication. Required for client certificate authentication. |
| private_key | TF_VAR_SECTIGO_CM_PRIVATE_KEY | Conditional | Private key associated with the client certificate. Required for client certificate authentication. |

Argument reference

The following attributes are contained in the resource block and provide certificate management.

| Argument | Type | Description |
|---|---|---|
| auto_renew | Mandatory | Automatically renew the certificate if it is within the renewal period. |
| base_url | Mandatory | The base URL of the Sectigo Certificate Manager. The path is similar to https://<cm_base_url>/api/ssl/v1/ for SSL certificate management or https://<cm_base_url>/api/smime/v1/ for S/MIME certificate management. Client certificate authentication requires the private path in the URL: https://<cm_base_url>/private/api/*. |
| cert_comments | Optional | Certificate comments for enrollment |
| cert_config_type | Mandatory | Certificate configuration type: either ssl_cert for SSL or client_cert for S/MIME. |
| cert_ext_requester | Optional | External requester containing a list of email addresses |
| cert_file_name | Mandatory | SSL certificate file name used to save the certificate, CSR and private key. Required for SSL/TLS certificates. |
| cert_file_path | Conditional | SSL certificate file path to save the certificate files into. Required for SSL/TLS certificates. |
| cert_format_type | Conditional | Certificate format type to be downloaded. Required for SSL certificates. |
| cert_num_servers | Optional | Number of server licenses |
| cert_type | Mandatory | Certificate type ID for management |
| cert_validity | Mandatory | Certificate validity period |
| cert_warning_days | Conditional | Certificate warning days used for the certificate if the auto_renew attribute is true. |
| client_custom_fields | Optional | Custom fields applied to the requested certificate |
| client_email_address | Conditional | Client certificate email address for the user |
| client_file_name | Conditional | Client certificate file name used to save the certificate, CSR and private key. Required for S/MIME certificates. |
| client_file_path | Conditional | Client certificate file path to save the certificate files into. Required for S/MIME certificates. |
| client_first_name | Conditional | Client certificate user’s first name. Required for S/MIME certificates. |
| client_last_name | Conditional | Client certificate user’s last name. Required for S/MIME certificates. |
| client_middle_name | Optional | Client certificate user’s middle name |
| client_revoke_on_replace | Optional | Client certificate revoke on replace |
| country | Conditional | Country field for the generated CSR. Required if external_csr_pem is not provided. |
| curve_length | Conditional | Signing algorithm curve length. Required if sign_algorithm_type is ECDSA. Supported values are P256, P384 and P521. |
| domain | Conditional | Domain name in the certificate Common Name (CN) field. Required if external_csr_pem is not provided. |
| email_address | Conditional | Certificate email address in the emailAddress field. Required if external_csr_pem is not provided. |
| external_csr_pem | Conditional | CSR provided by the user. Required if the CSR is being provided rather than generated. |
| locality | Conditional | Locality field for the generated CSR. Required if external_csr_pem is not provided. |
| loop_period | Mandatory | Looping period to check for certificate download |
| max_timeout | Mandatory | Maximum timeout for certificate download |
| org_unit | Conditional | Organizational unit for the generated CSR. Required if external_csr_pem is not provided. |
| organization | Conditional | Organization for the generated CSR. Required if external_csr_pem is not provided. |
| orgid | Mandatory | Sectigo CM organization identifier |
| province | Conditional | Province or state for the generated CSR. Required if external_csr_pem is not provided. |
| reason | Conditional | Reason for replacement or revocation of the certificate. Required for replace and revoke. |
| rsa_bits | Conditional | Signature algorithm bit size. Required if sign_algorithm_type is RSA. |
| server_type | Optional | Server type ID |
| sign_algorithm_type | Conditional | Signature algorithm, either RSA or ECDSA, for the generated CSR. Required if external_csr_pem is not provided. |
| ssl_custom_fields | Optional | Custom fields to be applied to the generated CSR |
| subject_alt_names | Optional | Subject alternative names to be applied to the generated CSR |

Variable configuration

The file variables.tf provides a mapping between the variables and the attributes described in the Argument reference. The next sections describe the variables defined in variables.tf and assigned in terraform.auto.tfvars. The example main.tf maps the arguments to these variables.

Credentials and connection parameters

| Variable | Argument | Type | Description |
|---|---|---|---|
| SECTIGO_CM_USER | username | Mandatory | The user’s Sectigo username |
| SECTIGO_CM_PASSWORD | password | Conditional | The user’s Sectigo password. Not required for client certificate authentication. |
| SECTIGO_CM_URI | customer_uri | Mandatory | The user’s Sectigo URL |
| SECTIGO_CM_AUTH_TYPE | auth_type | Conditional | The authentication type to use with SCM: either password or client_cert. Defaults to password. Required for client_cert. |
| SECTIGO_CM_CLIENT_CERT | client_cert | Conditional | The client certificate in PEM format if the authentication type is client_cert. |
| SECTIGO_CM_PRIVATE_KEY | private_key | Conditional | The private key associated with the client certificate if the authentication type is client_cert. |
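The following is an added example, not the project’s own variables.tf or main.tf, showing how the credential arguments and variables from the two tables above fit together. It declares the variables with the names from the table (the page’s main.tf uses different names such as SECTIGO_CM_LOGIN), marks every secret as sensitive so Terraform redacts it from plan and apply output, and wires them into a provider block that uses client-certificate authentication. All values are read from the TF_VAR_* environment variables listed above, so no credential is written into a .tf or .tfvars file. The file name, the use of validation blocks and the conditional null assignments are assumptions of this example.

```hcl
# Added example (assumed file: variables.tf). Declares the credential
# variables from the tables above; the PEM material arrives through
# TF_VAR_SECTIGO_CM_CLIENT_CERT and TF_VAR_SECTIGO_CM_PRIVATE_KEY.

variable "SECTIGO_CM_USER" {
  type        = string
  description = "Sectigo CM username (TF_VAR_SECTIGO_CM_USER)"
}

variable "SECTIGO_CM_URI" {
  type        = string
  description = "Sectigo CM customer URI (TF_VAR_SECTIGO_CM_URI)"
}

variable "SECTIGO_CM_AUTH_TYPE" {
  type        = string
  description = "password or client_cert"
  default     = "client_cert"

  validation {
    condition     = contains(["password", "client_cert"], var.SECTIGO_CM_AUTH_TYPE)
    error_message = "SECTIGO_CM_AUTH_TYPE must be \"password\" or \"client_cert\"."
  }
}

# Only needed when auth_type = "password"; left empty for client_cert.
variable "SECTIGO_CM_PASSWORD" {
  type      = string
  default   = ""
  sensitive = true # redacted from plan/apply output
}

# PEM-encoded client certificate and its private key.
variable "SECTIGO_CM_CLIENT_CERT" {
  type      = string
  default   = ""
  sensitive = true
}

variable "SECTIGO_CM_PRIVATE_KEY" {
  type      = string
  default   = ""
  sensitive = true
}

provider "sectigo" {
  username     = var.SECTIGO_CM_USER
  customer_uri = var.SECTIGO_CM_URI
  auth_type    = var.SECTIGO_CM_AUTH_TYPE

  # Populate only the credential set that matches auth_type; an argument
  # set to null is treated as omitted, so the unused secret is never sent.
  password    = var.SECTIGO_CM_AUTH_TYPE == "password" ? var.SECTIGO_CM_PASSWORD : null
  client_cert = var.SECTIGO_CM_AUTH_TYPE == "client_cert" ? var.SECTIGO_CM_CLIENT_CERT : null
  private_key = var.SECTIGO_CM_AUTH_TYPE == "client_cert" ? var.SECTIGO_CM_PRIVATE_KEY : null
}
```

With this layout the CI runner exports TF_VAR_SECTIGO_CM_CLIENT_CERT and TF_VAR_SECTIGO_CM_PRIVATE_KEY from its secret store for the duration of the run; the private key then exists only in the process environment of terraform, not on disk alongside the configuration.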

Establishing a connection with SCM requires the URL and the organization identifier. The following table maps the connection variables to their arguments.

| Variable | Argument | Type | Description |
|---|---|---|---|
| sectigo_cm_org_id | orgid | Mandatory | The customer’s organization ID |
| sectigo_ssl_cert_cm_base_url | base_url | Mandatory | The base URL of the Sectigo Certificate Manager (SSL). The path is similar to https://<cm_base_url>/api/ssl/v1/. Client certificate authentication inserts private before /api/ssl/v1 (https://<cm_base_url>/private/api/ssl/v1/). |
| sectigo_client_cert_cm_base_url | base_url | Mandatory | The base URL of the Sectigo Certificate Manager (client). The path is similar to https://<cm_base_url>/api/smime/v1/. Client certificate authentication inserts private before /api/smime/v1 (https://<cm_base_url>/private/api/smime/v1/). |

CSR parameters

The following parameters are required during the generation of the certificate signing request (CSR). Conditional variables are required if sectigo_csr is not provided.

| Variable | Argument | Type | Description |
|---|---|---|---|
| sectigo_csr_domain | domain | Conditional | A single domain value included in the certificate Common Name (CN) field |
| sectigo_csr_country | country | Conditional | The country name included in the certificate Country (C) field |
| sectigo_csr_state | province | Conditional | The state or province name included in the certificate State (ST) field |
| sectigo_csr_location | locality | Conditional | The location name included in the certificate Locality (L) field |
| sectigo_csr_organization | organization | Conditional | The organization name included in the certificate Organization (O) field |
| sectigo_csr_organization_unit | org_unit | Conditional | The organizational unit included in the certificate Organizational Unit (OU) field |
| sectigo_csr_email_address | email_address | Conditional | The email address included in the certificate emailAddress field |
| sectigo_csr_key_algo | sign_algorithm_type | Conditional | The private key algorithm used to generate the private key. The default value is RSA. |
| sectigo_csr_key_size | rsa_bits | Conditional | The size of the SSL/TLS key to generate. The possible values are 2048 (2048-bit, default), 3072 (3072-bit) and 4096 (4096-bit). |
| sectigo_csr | external_csr_pem | Conditional | The location where the existing .csr file is stored |

Certificate issuance parameters

The following parameters are used for certificate issuance. The tables below are separated into SSL certificate variables and client certificate variables. Auto-renewal manages the certificate expiration and renewal configuration.

SSL Certificates

| Variable | Argument | Type | Description |
|---|---|---|---|
| sectigo_ssl_cert_file_path | cert_file_path | Mandatory | The location where the certificate is to be stored. The same location is used to store the CSR and private key. |
| sectigo_ssl_cert_file_name | cert_file_name | Mandatory | The name of the SSL certificate file. The same name is used for the CSR and private key. |
| sectigo_ssl_cert_type | cert_type | Mandatory | The type of the SSL certificate. This is the ID of the SSL certificate type. |
| sectigo_ssl_cert_config_type | cert_config_type | Mandatory | The type of certificate. Its value should be ssl_cert for the SSL certificate type. |
| sectigo_ssl_cert_validity | cert_validity | Mandatory | The certificate validity period in days. The values are constrained by the choice of sectigo_ssl_cert_type. |
| sectigo_ssl_cert_format_type | cert_format_type | Optional | The format type for the SSL certificate. The supported values are: x509 (X509, Base64 encoded; default); x509CO (X509 Certificate only, Base64 encoded); x509IO (X509 Intermediate/Root only, Base64 encoded); base64 (PKCS#7, Base64 encoded); bin (PKCS#7, Bin encoded); x509IOR (X509 Intermediate/Root only Reverse, Base64 encoded). |
| sectigo_ssl_cert_comments | cert_comments | Optional | Comments for certificate enrollment |
| sectigo_ssl_cert_external_requester | cert_ext_requester | Optional | A single email or a comma-separated list of emails |
| sectigo_ssl_cert_subject_alt_names | subject_alt_names | Optional | A single subject alternative name (SAN) or a comma-separated list of them |
| sectigo_ssl_cert_num_servers | cert_num_servers | Conditional | The number of server licenses |
| sectigo_ssl_cert_server_type | server_type | Optional | The server type ID |
| sectigo_ssl_cert_custom_field | ssl_custom_fields | Optional | The custom fields to be applied to the requested certificate. The expected format is [{"name":"custom_field_1", "value":"value_1"}, {"name":"custom_field_2", "value":"value_2"}]. If you provide this input as a JSON string, make sure the internal double quotes are escaped with a backslash (\). |

Client Certificates

| Variable | Argument | Type | Description |
|---|---|---|---|
| sectigo_client_cert_file_path | client_file_path | Mandatory | The location where the certificate is to be stored. The same location is used to store the CSR and private key. |
| sectigo_client_cert_file_name | client_file_name | Mandatory | The name of the client certificate file. The same name is used for the CSR and private key. |
| sectigo_client_cert_type | cert_type | Mandatory | The type of the client certificate. This is the ID of the client certificate type. |
| sectigo_client_cert_config_type | cert_config_type | Mandatory | The type of certificate. Its value should be client_cert for the S/MIME certificate type. |
| sectigo_client_cert_validity | cert_validity | Mandatory | The certificate validity period in days. The values are constrained by the choice of sectigo_client_cert_type. |
| sectigo_client_cert_email_address | client_email_address | Mandatory | The email address of the user |
| sectigo_client_cert_first_name | client_first_name | Mandatory | The first name of the user as registered with Sectigo |
| sectigo_client_cert_middle_name | client_middle_name | Optional | The middle name of the user |
| sectigo_client_cert_last_name | client_last_name | Mandatory | The last name of the user |
| sectigo_client_cert_custom_fields | client_custom_fields | Optional | The custom fields to be applied to the requested certificate. The expected format is [{"name":"custom_field_1", "value":"value_1"}, {"name":"custom_field_2", "value":"value_2"}]. If you provide this input as a JSON string, make sure the internal double quotes are escaped with a backslash (\). |
| sectigo_client_cert_revoke_on_replace | client_revoke_on_replace | Optional | A Boolean value that determines whether revocation on replacement is required. |

Auto-renewal

| Variable | Argument | Type | Description |
|---|---|---|---|
| sectigo_auto_renew | auto_renew | Mandatory | Renew the certificate automatically when it is within the renewal period. The default value is true. If you do not want certificates renewed automatically, you must specify false. |
| sectigo_expiry_window | cert_warning_days | Conditional | The number of days prior to expiration within which a new certificate enrollment is initiated when the terraform apply command is executed. Must be 1 or more. The default value is 7 days. |

Certificate collection parameters

Certificate collection may fail if the certificate is still being processed. In such cases, the Sectigo Terraform Integration will try several times before returning a failure. The following parameters are used to configure the frequency and maximum time for additional attempts at certificate collection.

| Variable | Argument | Type | Description |
|---|---|---|---|
| sectigo_max_timeout | max_timeout | Mandatory | The time (in seconds) before an attempt to download the certificate times out. The default value is 600 seconds. |
| sectigo_loop_period | loop_period | Mandatory | The time (in seconds) between attempts to download the certificate. The default value is 30 seconds. |
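The following is an added example, not the project’s own main.tf, of a complete sectigo_certificate resource that ties together the CSR, issuance, auto-renewal and collection arguments from the tables above (it also covers the custom-field JSON format described under ssl_custom_fields and client_custom_fields). It generates an ECDSA P-384 key instead of the RSA default, passes the custom fields through Terraform’s jsonencode() so that no double quotes have to be hand-escaped in a .tfvars file, and sets the renewal window and collection retry parameters explicitly. Variable and argument names follow the tables; the resource name, the subject values, the custom field name and the commented-out external CSR path are constructed placeholders.

```hcl
# Added example (not the project's main.tf). Values marked PLACEHOLDER are
# constructed for illustration and must be replaced with real ones.

resource "sectigo_certificate" "web_tls" {
  # Connection to the SSL endpoint. With client-certificate authentication the
  # path becomes https://<cm_base_url>/private/api/ssl/v1/ instead.
  base_url = var.sectigo_ssl_cert_cm_base_url
  orgid    = var.sectigo_cm_org_id

  # Generated CSR. Because external_csr_pem is not set, the subject fields
  # below are required. curve_length selects the ECDSA curve.
  domain              = "www.example.com"             # PLACEHOLDER
  country             = "US"
  province            = "California"
  locality            = "San Jose"
  organization        = "Example Corp"                # PLACEHOLDER
  org_unit            = "Platform"
  email_address       = "pki@example.com"             # PLACEHOLDER
  sign_algorithm_type = "ECDSA"
  curve_length        = "P384"                        # P256, P384 or P521
  subject_alt_names   = "www.example.com,example.com" # comma-separated SANs

  # Alternative: supply an existing CSR and omit the subject fields above.
  # external_csr_pem = file("${path.module}/www.example.com.csr")  # PLACEHOLDER path

  # Issuance. cert_validity is constrained by the profile selected with cert_type.
  cert_config_type = "ssl_cert"
  cert_type        = var.sectigo_ssl_cert_type     # SSL certificate type ID from SCM
  cert_validity    = var.sectigo_ssl_cert_validity # days
  cert_format_type = "x509"                        # X509, Base64 encoded (default)
  cert_num_servers = 1
  cert_comments    = "Issued by Terraform"

  # Custom fields: jsonencode() yields the expected JSON string
  # [{"name":"cost_center","value":"1234"}] without manual quote escaping.
  ssl_custom_fields = jsonencode([
    { name = "cost_center", value = "1234" }, # PLACEHOLDER field name and value
  ])

  # Output files. The private key is written here together with the CSR and
  # certificate, so keep this directory out of version control and readable
  # only by the account that runs terraform.
  cert_file_path = var.sectigo_ssl_cert_file_path
  cert_file_name = "www.example.com"

  # Renewal: re-enrol when terraform apply runs within 30 days of expiry.
  auto_renew        = true
  cert_warning_days = 30

  # Collection: poll every 30 seconds and give up after 600 seconds.
  loop_period = 30
  max_timeout = 600
}
```

Because the resource generates and stores the private key on the machine running terraform, the same host hardening that applies to any key material applies to cert_file_path; the sensitive-variable handling shown for the provider credentials does not cover files the resource writes.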

Other parameters

Certificates can be revoked or replaced. In such cases the following parameters are required.

| Variable | Argument | Type | Description |
|---|---|---|---|
| sectigo_reason | reason | Conditional | The reason for revoking or replacing the certificate. Required for revoke and replace. |