From e96d8e1bc01ac3ef1275e6fabd83544a7314edb8 Mon Sep 17 00:00:00 2001
From: Alexander Mattoni <5110855+mattoni@users.noreply.github.com>
Date: Fri, 31 Oct 2025 10:15:06 +0000
Subject: [PATCH 1/2] Update the certificate lookup endpoint to automatically handle wildcards and make private keys optional.
---
 platform/paths/dns/tls/lookup.yml | 54 ++++++++----------------------
 1 file changed, 13 insertions(+), 41 deletions(-)
diff --git a/platform/paths/dns/tls/lookup.yml b/platform/paths/dns/tls/lookup.yml
index e2c6defd..9e5d2fde 100644
--- a/platform/paths/dns/tls/lookup.yml
+++ b/platform/paths/dns/tls/lookup.yml
@@ -4,7 +4,7 @@ get:
 description: |
 Lookup and retrieve a TLS certificate bundle for a specified domain.
- Requires the `dns-view` capability.
+ If the `private` parameter is set to `true`, the private key, bundle, and/or CSR will be included. Including these private fields requires the `dns-view` capability.
 tags:
 - TLS
 parameters:
@@ -15,16 +15,16 @@ get:
 description: "The domain to lookup."
 schema:
 type: string
- - name: wildcard
+ - name: private
 in: query
 style: form
 required: false
- description: "Whether or not to lookup a *. wildcard certificate that would be applicable for this domain. For example, if you are looking for a certificate for x.test.com, setting this to true will identify a *.test.com certificate that would also be applicable."
+ description: "If true, will include the private key, bundle, and/or CSR for this certificate. Requires the `dns-view` capability."
 schema:
 type: boolean
 responses:
 200:
- description: Returns a TLS certificate bundle.
+ description: Returns a TLS certificate bundle if available.
 content:
 application/json:
 schema:
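Review bot: The rewritten operation description in the first hunk says which capability gates the private fields, but no longer says what the plain lookup requires; the removed line applied `dns-view` to the whole endpoint. A reader cannot tell whether certificate metadata is now readable without any capability, so the description should state the requirement for a request without `private` explicitly, even if the answer is "none". The commit message says wildcards are now handled automatically, yet nothing in the new description tells clients that; a sentence such as `A wildcard certificate covering the domain is matched automatically.` would replace what the removed `wildcard` parameter used to document.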
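Review bot: The `private` parameter added in the second hunk controls disclosure of key material, but its schema has no `default`, and neither its description nor the 200 response says what a caller without the capability receives when sending `private=true` (an error, or a 200 with the fields left out). I would add `default: false` under the parameter's `schema:` and one sentence stating the actual failure behaviour, so a client cannot mistake a withheld key for a certificate that has none. The new 200 text "if available" also leaves open whether a miss is reported through the default error response or as an empty `data`, which still appears in the required list at the top of the next hunk.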
@@ -33,44 +33,16 @@ get:
 - data
 properties:
 data:
- type: object
- description: A DNS TLS certificate.
- required:
- - id
- - hub_id
- - domains
- - events
- - bundle
- - private_key
- properties:
- id:
- $ref: ../../../../components/schemas/ID.yml
- hub_id:
- $ref: ../../../../components/schemas/HubID.yml
- domains:
- description: A list of domains associated with the certificate.
- type: array
- items:
- type: string
- events:
- type: object
- description: A collection of timestamps for each event in the certificate's lifetime.
+ allOf:
+ - $ref: ../../../../components/schemas/dns/tls/TlsCertificate.yml
+ - type: object
 properties:
- created:
- $ref: ../../../../components/schemas/DateTime.yml
- updated:
- $ref: ../../../../components/schemas/DateTime.yml
- deleted:
- $ref: ../../../../components/schemas/DateTime.yml
- generated:
- description: "When the certificate was generated."
- $ref: ../../../../components/schemas/DateTime.yml
- bundle:
- description: The certificate bundle
- type: string
- private_key:
- description: The private key for the certificate
- type: string
+ private_key:
+ type: string
+ bundle:
+ type: string
+ csr:
+ type: string
 default:
 $ref: ../../../../components/responses/errors/DefaultError.yml
From ce4a364fe071293e40341620fbd788335ee84047 Mon Sep 17 00:00:00 2001
From: Alexander Mattoni <5110855+mattoni@users.noreply.github.com>
Date: Fri, 31 Oct 2025 10:19:50 +0000
Subject: [PATCH 2/2] use correct permission in description
---
 platform/paths/dns/tls/lookup.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/platform/paths/dns/tls/lookup.yml b/platform/paths/dns/tls/lookup.yml
index 9e5d2fde..42bc1871 100644
--- a/platform/paths/dns/tls/lookup.yml
+++ b/platform/paths/dns/tls/lookup.yml
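Review bot: The three properties added in the second `allOf` member (`private_key`, `bundle`, `csr`) have no `description`, whereas the removed inline schema documented both `bundle` and `private_key`. For fields that carry key material, the schema should say they are present only when `private=true` is sent by a caller holding the capability named in the parameter description, for example `description: The private key for the certificate. Only returned when private is true.` on `private_key`, and likewise on the other two. Adding `format: password` to `private_key` would also hint to documentation and client tooling that the value should be masked. TlsCertificate.yml is not part of this diff, so confirm that it neither lists these fields under `required` nor sets `additionalProperties: false`, since either would conflict with this composition.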
@@ -4,7 +4,7 @@ get:
 description: |
 Lookup and retrieve a TLS certificate bundle for a specified domain.
- If the `private` parameter is set to `true`, the private key, bundle, and/or CSR will be included. Including these private fields requires the `dns-view` capability.
+ If the `private` parameter is set to `true`, the private key, bundle, and/or CSR will be included. Including these private fields requires the `dns-certs-view` capability.
 tags:
 - TLS
 parameters:
@@ -19,7 +19,7 @@ get:
 in: query
 style: form
 required: false
- description: "If true, will include the private key, bundle, and/or CSR for this certificate. Requires the `dns-view` capability."
+ description: "If true, will include the private key, bundle, and/or CSR for this certificate. Requires the `dns-certs-view` capability."
 schema:
 type: boolean
 responses: