Deployment

Certificate Status

Query certificate lifecycle dates for your self-hosted deployment.

The certificates endpoint returns certificate lifecycle information for your Deepgram self-hosted deployment. Use it to track certificate creation, end-of-support, and end-of-life dates.

This endpoint is available on all self-hosted container images:

ImageEndpointDefault Port
API/v1/certificates8080
Engine/certificates9991 (metrics port)
License Proxy/v1/certificates8089
Billing/v1/certificates8080 (requires certificates_port in billing.toml)

The Engine container currently serves this endpoint at /certificates (without the /v1 prefix) on its metrics port. A future release will add /v1/certificates to Engine for consistency with the other container images.

Response Format

1{
2  "beginning_of_support": "2025-11-13 15:25:28.0 +00:00:00",
3  "end_of_support": "2027-05-15 03:25:28.0 +00:00:00",
4  "end_of_life": "2028-11-12 15:25:58.0 +00:00:00",
5  "instance_id": "235c0e16-c791-45b8-bf41-757ca11ac2b9"
6}
FieldDescription
beginning_of_supportUTC timestamp when the certificate was created.
end_of_support18 months after beginning_of_support. After this date, Deepgram no longer provides support for this certificate version.
end_of_life36 months after beginning_of_support. The certificate expires on this date.
instance_idUnique identifier for this deployment instance.

Making a Request

$curl http://localhost:8080/v1/certificates

Certificate Lifecycle

Deepgram self-hosted certificates follow a fixed lifecycle:

  1. Active (0–18 months after creation) β€” Full support. Software updates and security patches are available.
  2. End of Support (18–36 months after creation) β€” The deployment continues to function, but Deepgram no longer provides support or updates for this certificate version. Plan your renewal.
  3. End of Life (36 months after creation) β€” The certificate expires. The deployment will no longer validate against the Deepgram license server.

Startup Log Message

All self-hosted containers log certificate information on startup. You can inspect this without querying an endpoint:

INFO impeller: Certificates information. beginning_of_support=2025-11-13 15:26:33.0 +00:00:00 end_of_support=2027-05-15 3:26:33.0 +00:00:00 end_of_life=2028-11-12 15:27:03.0 +00:00:00 instance_id=c32fb5ff-538c-4b93-b854-8c038a22c302

This message appears in the logs for API, Engine, License Proxy, and Billing containers. If a certificate has expired, the container will log an error and refuse to start.

Monitoring Certificate Expiry

Check the eol field periodically to ensure your deployment renews before certificate expiration. A recommended approach:

Python
1from datetime import datetime, timezone
2import requests
3
4response = requests.get("http://localhost:8080/v1/certificates")
5cert = response.json()
6
7eol = datetime.fromisoformat(cert["end_of_life"])
8days_remaining = (eol - datetime.now(timezone.utc)).days
9
10if days_remaining < 90:
11    print(f"WARNING: Certificate expires in {days_remaining} days")
12elif days_remaining < 180:
13    print(f"Certificate expires in {days_remaining} days β€” plan renewal")
14else:
15    print(f"Certificate valid for {days_remaining} more days")

Billing Container Configuration

The Billing container requires certificates_port in billing.toml to serve the certificates endpoint. Without this setting, the certificates server binds to an ephemeral port and is not reachable.

1[server]
2  host = "0.0.0.0"
3  port = 8443
4  base_url = "/"
5  certificates_port = 8080

Expose this port in your Docker Compose or Kubernetes configuration to query /v1/certificates on the Billing container.

Availability

The /v1/certificates endpoint is available in release 260319 and later on all self-hosted container images.

What’s Next