Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex Certificate Manager
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Let's Encrypt® certificate
      • Create a certificate
      • Get the contents of a certificate
      • Domain rights check procedure
      • Renew a certificate
      • Edit a certificate
      • Delete a certificate
    • User certificate
      • Create a certificate
      • Get the contents of a certificate
      • Renew a certificate
      • Edit a certificate
      • Delete a certificate
    • Domain
      • Create a domain
      • Link a certificate to a domain
      • Update a domain description
      • Delete a domain
    • Backups
  • Concepts
    • Overview
    • Let's Encrypt® certificate
    • User certificate
    • Check rights for domain
    • Integration with Yandex.Cloud services
    • Quotas and limits
    • Domain
      • Overview
      • Integration of the domain management system with services from Yandex.Cloud
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • CertificateContentService
      • CertificateService
      • OperationService
    • REST
      • Overview
      • Certificate
        • Overview
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • requestNew
        • setAccessBindings
        • update
        • updateAccessBindings
      • CertificateContent
        • Overview
        • get
  • Questions and answers
  1. Concepts
  2. Overview

Concepts Certificate Manager

  • Certificate types
  • Certificate statuses
  • Sending notifications to users
    • Where notifications are sent
    • When notifications are sent

Certificate Manager is a service for managing TLS certificates in Yandex.Cloud. You can use the service to obtain and update Let's Encrypt® certificates and add your own certificates.

Warning

  • If you use a Let's Encrypt certificate, check domain rights after you add it.
  • If you have a user certificate, be sure to renew it on time.

Certificate types

Certificate Manager supports two types of certificates:

  • Let's Encrypt certificates (Managed certificates): Certificates issued through Let's Encrypt and managed by Certificate Manager. For more information about these certificates, see Let's Encrypt certificate.
  • User certificates (Imported certificates): Certificates added by the user. You are responsible for renewing these certificates on time. For more information about these certificates, see User certificate.

Certificate statuses

The lifecycle and statuses of certificates depend on their type.

  • Let's Encrypt certificates (Managed certificates) can have the following statuses:
    • Validating: The certificate was requested from Let's Encrypt and is pending the domain rights check.
    • Issued: The certificate was obtained and can be used in services integrated with Certificate Manager.
    • Invalid: The certificate failed the check (the domain rights check took more than one week or failed).
    • Renewing: The certificate is being renewed.
    • Renewal_failed: The certificate failed to renew.
  • User certificates (Imported certificates) always have the Issued status: the certificate was obtained and can be used in services integrated with Certificate Manager.

Sending notifications to users

If the certificate is about to expire and the service failed to reissue it automatically, you're sent a notification asking you to pass the rights check for a domain or upload a new version of the certificate yourself.

Where notifications are sent

Notifications are sent to:

  • The email address specified in the cloud settings.
  • Additional email addresses that are subscribed to notifications.

When notifications are sent

Deadline for sending notifications:

  • 21, 7, and 3 days before the certificate expires.
  • After its expiration date.

See also

  • Services integrated with Certificate Manager
  • Check rights for domain
In this article:
  • Certificate types
  • Certificate statuses
  • Sending notifications to users
  • Where notifications are sent
  • When notifications are sent
Language
Careers
Privacy policy
Terms of use
© 2021 Yandex.Cloud LLC