What Is Automatic Certificate Management?
Whenever you create a domain, ngrok automatically provisions and manages your TLS certificates by default. Your TLS certificates will be automatically provisioned and renewed with Let's Encrypt, an ACME-compliant certificate authority. Others may be supported in the future.
Alternatively, you can bring your own TLS certificates and use your own certificate authority.
It is recommended that you choose automatic TLS certificate management unless you have special requirements.
Let's Encrypt provisioning
ngrok is a Let's Encrypt sponsor.
When provisioning TLS certificates with Let's Encrypt, ngrok uses a HTTP01 challenge for most domains. When you create a wildcard domain, ngrok uses a DNS01 challenge instead.
How long does provisioning take?
TLS certificates are provisioned asynchronously. Depending on the speed of the ACME certificate authority, it can take anywhere between a few seconds to 10 minutes for your certificate to be provisioned.
You can check the status of a certificate provisioning job by requesting the domain with ngrok's API. Each domain object contains a certificate_management_status property.
Configuring automatic management
You can use the API to configure automatic TLS certificate management for a domain by sending a request with the "certificate_management_policy" property to /reserved_domains/{id}.
Loading…
Private Keys
When using automatic TLS certificates, ngrok generates a private key for your domain and encrypts it at rest with NaCL.
When you configure a domain to use automated certificates, you can choose which type of private key will be generated for it. Options include: