RWTS ACME DNS Admin Documentation

Administrative interface guide

Table of Contents

Authentication

API Key Management

Registration Management

Monitoring

Admin Login

The admin interface requires authentication with the master API key. This key provides full administrative access to the service.

Login Process

  1. Navigate to the admin interface
  2. Enter your username (can be any identifier)
  3. Enter the master API key as the password
  4. Check "Remember me" to store credentials in your browser
  5. Click "Login" to authenticate

Security: The master API key provides complete administrative access. Store it securely and only share with authorized administrators.

Security Features

Authentication

  • Master Key Authentication - All admin operations require the master API key
  • Session Storage - Credentials stored in browser session storage (cleared on close)
  • Auto-logout - Sessions expire when browser is closed
  • Rate Limiting - API endpoints have strict rate limits to prevent abuse

Best Practices

  • Use dedicated admin browsers - Don't mix admin and regular browsing
  • Log out when finished - Close browser tabs when done
  • Monitor access logs - Review admin activity regularly
  • Rotate master key periodically - Update master key on schedule

Creating API Keys

API keys allow users to register domains and manage certificates. Each key should be associated with a specific user or system.

Key Creation Process

  1. Click "Create New API Key" in the admin interface
  2. Fill in the required information:
    • Name - Descriptive name for the key holder
    • Email - Contact email (optional)
    • Organization - Organization or department (optional)
    • Expires Days - Key expiration in days (optional, max 3650)
  3. Click "Create Key" to generate the API key
  4. Copy the generated key immediately - it won't be shown again
  5. Securely share the key with the intended user

Key Properties

  • Unique Identifier - Each key has a unique key_id for tracking
  • One-time Display - The actual key is only shown once during creation
  • Usage Tracking - All key usage is logged and tracked
  • Expiration Support - Keys can have optional expiration dates

Important: API keys are displayed only once during creation. Make sure to copy and securely store the key before closing the dialog.

Managing API Keys

The API Keys tab shows all created keys with their status and usage information.

Key Information Displayed

  • Key ID - Unique identifier for the key
  • Name - Descriptive name you provided
  • Email & Organization - Contact information
  • Created - When the key was created
  • Expires - Expiration date (if set)
  • Status - Active or revoked status
  • Usage Count - Total API calls made with this key
  • Last Used - When the key was last used

Key Status Indicators

Active Key is valid and can be used
Revoked Key has been disabled and cannot be used
Expired Key has passed its expiration date

Revoking API Keys

Revoking an API key immediately disables it and prevents any further use. This action cannot be undone.

When to Revoke Keys

  • Employee departure - When someone leaves the organization
  • Security compromise - If a key is suspected to be compromised
  • Project completion - When a temporary project no longer needs access
  • Policy violation - If key usage violates policies

Revocation Process

  1. Find the key in the API Keys list
  2. Click the "Revoke" button for the key
  3. Confirm the revocation in the dialog
  4. The key status will immediately change to "Revoked"
  5. All future API calls with this key will be rejected

Warning: Key revocation is immediate and permanent. Revoked keys cannot be reactivated. The user will need a new key to continue using the service.

View Registrations

The Registrations tab shows all domain registrations made through the service, providing visibility into system usage.

Registration Information

  • ID - Unique registration identifier
  • Domain Hint - The domain name provided during registration
  • Subdomain - The unique subdomain assigned by acme-dns
  • Key Name - Which API key made this registration
  • Organization - The organization associated with the key
  • Client IP - IP address of the registration request
  • Created - When the registration was made

Registration List Features

  • Sorting - Click column headers to sort (newest first by default)
  • Pagination - Shows most recent 100 registrations
  • Quick Actions - Revoke button for each registration
  • Real-time Updates - Refresh to see new registrations

Revoke Registrations

Revoking a registration removes it from the system and prevents future certificate requests for that domain configuration.

When to Revoke Registrations

  • Domain no longer owned - When organization no longer controls the domain
  • Security incident - If registration credentials may be compromised
  • Policy violation - Unauthorized domain registration
  • Cleanup - Removing old or unused registrations

Revocation Process

  1. Find the registration in the list
  2. Click the "Revoke" button for the registration
  3. Confirm the action in the confirmation dialog
  4. The registration is immediately removed from the system
  5. Future certificate requests for this configuration will fail

Impact of Revocation

  • Immediate Effect - Registration is removed immediately
  • Certificate Requests - New certificate requests will fail
  • Existing Certificates - Already issued certificates continue to work
  • Re-registration - Domain can be registered again with new credentials

Note: Revoking a registration doesn't affect existing certificates, but prevents renewal and new certificate requests. Users will need to register again to continue using the service.

Search & Filter

Use the search and filter features to quickly find specific keys or registrations.

Search Capabilities

  • API Keys - Search by name, email, or organization
  • Registrations - Search by domain hint or subdomain
  • Real-time Filtering - Results update as you type
  • Case Insensitive - Search is not case-sensitive

Filter Options

  • Active Keys Only - Show only non-revoked keys
  • Expired Keys - Show only expired keys
  • Recent Activity - Show keys/registrations from specific time periods
  • High Usage - Show keys with high usage counts

Search Tips

  • Partial Matches - Use partial text to find matches
  • Multiple Terms - Search for multiple terms separated by spaces
  • Clear Filters - Use "Clear" button to reset all filters
  • Export Results - Download filtered results as CSV

Dashboard Stats

The dashboard provides real-time statistics about service usage and health.

Key Metrics

  • Total API Keys - All keys ever created
  • Active Keys - Currently valid keys
  • Total Registrations - All domain registrations
  • Recent Activity - Registrations in last 24 hours
  • Top Users - Most active API key holders

Health Monitoring

  • Service Status - Overall system health
  • Database Status - Database connectivity and performance
  • ACME-DNS Status - Backend service availability
  • Rate Limit Status - Current rate limiting state

Using Dashboard Data

  • Capacity Planning - Monitor growth trends
  • User Support - Identify users needing help
  • Security Monitoring - Watch for unusual activity
  • Performance Tracking - Monitor service performance

Admin API Reference

The admin interface uses these API endpoints. All require the master API key in the Authorization header.

Authentication

Authorization: Bearer <master-api-key>

API Endpoints

POST /admin/keys

Create a new API key

{
  "name": "User Name",
  "email": "user@example.com",
  "organization": "ACME Corp",
  "expires_days": 365
}

GET /admin/keys

List all API keys

Returns array of key objects without the actual key values

DELETE /admin/keys/{key_id}

Revoke an API key

Permanently disables the specified key

GET /admin/registrations

List all registrations

Returns last 100 registrations with key information

DELETE /admin/registrations/{id}

Revoke a registration

Removes registration from system

GET /admin/stats

Get service statistics

Returns usage metrics and health information

Rate Limits

  • Key Creation: 10 per hour
  • Key Listing: 30 per hour
  • Key Revocation: 20 per hour
  • Registration Listing: 60 per hour
  • Registration Revocation: 30 per hour
  • Statistics: 100 per hour

Troubleshooting

Common Issues

Login Failures

  • Verify the master API key is correct
  • Check that the key hasn't been changed
  • Clear browser cache and try again
  • Check browser console for error messages

API Key Creation Fails

  • Check rate limits - you may be creating keys too quickly
  • Verify all required fields are filled
  • Ensure email format is valid if provided
  • Check expiration days are within valid range (1-3650)

Interface Not Loading

  • Check that all services are running (docker-compose ps)
  • Verify Traefik routing configuration
  • Check nginx proxy configuration
  • Look at browser network tab for failed requests

Data Not Updating

  • Click refresh to update data manually
  • Check if database connection is healthy
  • Verify registration service is responding
  • Look for rate limiting errors in the logs

Diagnostic Commands

# Check service status
docker-compose ps

# View logs
docker-compose logs registration-api

# Test API health
curl https://acmedns.realworld.net.au/api/health

# Check rate limits
curl -H "Authorization: Bearer $MASTER_KEY" \
  https://acmedns.realworld.net.au/admin/stats

Getting Support

  1. Check the service health endpoint
  2. Review application logs for errors
  3. Verify configuration files
  4. Document specific error messages
  5. Contact system administrator with details