certs
certs
Lifecycle row for each SSL certificate. Drives the cert pipeline: CSR → validation (DCV) → issuance → install on Sucuri → renewal.
Selected columns
| Column | Type | Notes |
|---|---|---|
app_id |
integer | FK to apps |
common_name |
string | Primary domain |
csr |
text | CSR submitted to SSLStore |
current_provisioning_step |
string | State-machine cursor through the pipeline |
cname_auth_name/_value |
string | DCV CNAME record values |
approver_email |
string | Email DCV recipient |
archived_app_id |
integer | Set when cert is detached from an app |
aws_key_pushed_at |
datetime | Used by Heroku ACM flow |
Two cert flavors
- Bridge certs — short-lived Sectigo certs via SSLStore, installed during onboarding so traffic can start flowing immediately.
- Sucuri-issued long-term certs — Sucuri issues these after onboarding completes; they replace the bridge cert.
A customer still on a bridge cert weeks after onboarding is stalled. See bridge certs.