Concepts Certificate Manager
Certificate Manager is a service for managing TLS certificates in Yandex.Cloud. You can use the service to obtain and update Let's Encrypt® certificates and add your own certificates.
Warning
- If you use a Let's Encrypt certificate, check domain rights after you add it.
- If you have a user certificate, be sure to renew it on time.
Certificate types
Certificate Manager supports two types of certificates:
- Let's Encrypt certificates (
Managed
certificates): Certificates issued through Let's Encrypt and managed by Certificate Manager. For more information about these certificates, see Let's Encrypt certificate. - User certificates (
Imported
certificates): Certificates added by the user. You are responsible for renewing these certificates on time. For more information about these certificates, see User certificate.
Certificate statuses
The lifecycle and statuses of certificates depend on their type.
- Let's Encrypt certificates (
Managed
certificates) can have the following statuses:Validating
: The certificate was requested from Let's Encrypt and is pending the domain rights check.Issued
: The certificate was obtained and can be used in services integrated with Certificate Manager.Invalid
: The certificate failed the check (the domain rights check took more than one week or failed).Renewing
: The certificate is being renewed.Renewal_failed
: The certificate failed to renew.
- User certificates (
Imported
certificates) always have theIssued
status: the certificate was obtained and can be used in services integrated with Certificate Manager.
Sending notifications to users
If the certificate is about to expire and the service failed to reissue it automatically, you're sent a notification asking you to pass the rights check for a domain or upload a new version of the certificate yourself.
Where notifications are sent
Notifications are sent to:
- The email address specified in the cloud settings.
- Additional email addresses that are subscribed to notifications.
When notifications are sent
Deadline for sending notifications:
- 21, 7, and 3 days before the certificate expires.
- After its expiration date.