Get started
Yandex Certificate Manager

Concepts Certificate Manager

Certificate Manager is a service for managing TLS certificates in Yandex.Cloud. You can use the service to obtain and update Let's Encrypt® certificates and add your own certificates.

Warning

  • If you use a Let's Encrypt certificate, check domain rights after you add it.
  • If you have a user certificate, be sure to renew it on time.

Certificate types

Certificate Manager supports two types of certificates:

  • Let's Encrypt certificates (Managed certificates): Certificates issued through Let's Encrypt and managed by Certificate Manager. For more information about these certificates, see Let's Encrypt certificate.
  • User certificates (Imported certificates): Certificates added by the user. You are responsible for renewing these certificates on time. For more information about these certificates, see User certificate.

Certificate statuses

The lifecycle and statuses of certificates depend on their type.

  • Let's Encrypt certificates (Managed certificates) can have the following statuses:
    • Validating: The certificate was requested from Let's Encrypt and is pending the domain rights check.
    • Issued: The certificate was obtained and can be used in services integrated with Certificate Manager.
    • Invalid: The certificate failed the check (the domain rights check took more than one week or failed).
    • Renewing: The certificate is being renewed.
    • Renewal_failed: The certificate failed to renew.
  • User certificates (Imported certificates) always have the Issued status: the certificate was obtained and can be used in services integrated with Certificate Manager.

Sending notifications to users

If the certificate is about to expire and the service failed to reissue it automatically, you're sent a notification asking you to pass the rights check for a domain or upload a new version of the certificate yourself.

Where notifications are sent

Notifications are sent to:

  • The email address specified in the cloud settings.
  • Additional email addresses that are subscribed to notifications.

When notifications are sent

Deadline for sending notifications:

  • 21, 7, and 3 days before the certificate expires.
  • After its expiration date.

See also

In this article: