
CertificateService


A set of methods for managing certificates.

Call                  Description
Get                   Returns the specified certificate.
List                  Returns the list of certificates in the specified folder.
Create                Creates a certificate in the specified folder.
Update                Updates the specified certificate.
Delete                Deletes the specified certificate.
RequestNew            Requests a certificate in the specified folder.
ListOperations        Lists operations for the specified certificate.
ListAccessBindings    Lists existing access bindings for the specified certificate.
SetAccessBindings     Sets access bindings for the certificate.
UpdateAccessBindings  Updates access bindings for the specified certificate.

Calls CertificateService

Get

Returns the specified certificate.
To get the list of available certificates, make a List request.

rpc Get (GetCertificateRequest) returns (Certificate)

GetCertificateRequest

Field Description
certificate_id string
Required. ID of the certificate to return.
To get the ID of a certificate use a CertificateService.List request. The maximum string length in characters is 50.
view enum CertificateView
The output type of the certificate.
  • BASIC: Output basic information about the certificate.
  • FULL: Output full information about the certificate including domain challenges.

Certificate

Field Description
id string
ID of the certificate. Generated at creation time.
folder_id string
ID of the folder that the certificate belongs to.
created_at google.protobuf.Timestamp
Creation timestamp.
name string
Name of the certificate. The name is unique within the folder.
description string
Description of the certificate.
labels map<string,string>
Certificate labels as key:value pairs.
type enum CertificateType
Type of the certificate.
  • IMPORTED: The certificate was imported by the user.
  • MANAGED: The certificate was created by the service.
domains[] string
Fully qualified domain names of the certificate.
status enum Status
Status of the certificate.
  • VALIDATING: Domain validation for the certificate is required. Used only for managed certificates.
  • INVALID: Certificate issuance failed. Used only for managed certificates.
  • ISSUED: The certificate is issued.
  • REVOKED: The certificate is revoked.
  • RENEWING: Certificate renewal has started. Used only for managed certificates.
  • RENEWAL_FAILED: Certificate renewal failed. Used only for managed certificates.
issuer string
Distinguished Name of the certificate authority that issued the certificate.
subject string
Distinguished Name of the entity that is associated with the public key contained in the certificate.
serial string
Serial number of the certificate.
updated_at google.protobuf.Timestamp
Time when the certificate was updated.
issued_at google.protobuf.Timestamp
Time when the certificate was issued.
not_after google.protobuf.Timestamp
Time after which the certificate is not valid.
not_before google.protobuf.Timestamp
Time before which the certificate is not valid.
challenges[] Challenge
Domain validation challenges of the certificate. Used only for managed certificates.

Challenge

Field Description
domain string
Domain of the challenge.
type enum ChallengeType
Type of the challenge.
  • DNS: Domain validation that uses DNS records.
  • HTTP: Domain validation that uses HTTP files.
created_at google.protobuf.Timestamp
Time when the challenge was created.
updated_at google.protobuf.Timestamp
Time when the challenge was updated.
status enum Status
Status of the challenge.
  • PENDING: The challenge is waiting to be completed.
  • PROCESSING: The challenge is awaiting approval from Let's Encrypt.
  • VALID: The challenge is complete.
  • INVALID: The rights check for a specific domain failed or the one-week period allocated for the check expired.
message string
Description of the challenge.
error string
Error of the challenge.
challenge oneof: dns_challenge or http_challenge
Data of the challenge.
  dns_challenge DnsRecord
  DNS record.
  http_challenge HttpFile
  HTTP file.

DnsRecord

Field Description
name string
Name of the DNS record.
type string
Type of the DNS record.
value string
Value of the DNS record.

HttpFile

Field Description
url string
Location of the HTTP file.
content string
Content of the HTTP file.

List

Returns the list of certificates in the specified folder.

rpc List (ListCertificatesRequest) returns (ListCertificatesResponse)

ListCertificatesRequest

Field Description
folder_id string
Required. ID of the folder to list certificates in. The maximum string length in characters is 50.
page_size int64
The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListCertificatesResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
page_token string
Page token. To get the next page of results, set page_token to the ListCertificatesResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.
view enum CertificateView
The output type of the certificate.
  • BASIC: Output basic information about the certificate.
  • FULL: Output full information about the certificate including domain challenges.

ListCertificatesResponse

Field Description
certificates[] Certificate
List of certificates in the specified folder.
next_page_token string
This token allows you to get the next page of results for list requests. If the number of results is greater than the specified ListCertificatesRequest.page_size, use the next_page_token as the value for the ListCertificatesRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.
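
Added example (not part of the original reference or of any Yandex.Cloud SDK): a certificate inventory check that follows next_page_token across pages and flags certificates by the status, not_after and challenge fields described above. The list_page callable, the dict-shaped messages, the datetime values used for timestamps and all sample data are constructed assumptions.

```python
from datetime import datetime, timezone

# Certificate.status values from this page that always need operator attention.
ATTENTION_STATUSES = {"INVALID", "REVOKED", "RENEWAL_FAILED"}


def iter_certificates(list_page, folder_id, page_size=100):
    """Yield every certificate in a folder by following next_page_token.

    list_page is a hypothetical stand-in for CertificateService.List: it takes
    the ListCertificatesRequest fields as keyword arguments and returns a dict
    shaped like ListCertificatesResponse.
    """
    if page_size > 1000:
        raise ValueError("page_size: the documented maximum is 1000")
    token, seen = "", set()
    while True:
        resp = list_page(folder_id=folder_id, page_size=page_size,
                         page_token=token, view="FULL")
        yield from resp.get("certificates", [])
        token = resp.get("next_page_token", "")
        if not token:
            return
        if token in seen:  # defensive: never loop forever on a repeated token
            raise RuntimeError("next_page_token repeated")
        seen.add(token)


def triage(cert, now, warn_days=30):
    """Return human-readable findings for one Certificate dict."""
    findings = []
    if cert["status"] in ATTENTION_STATUSES:
        findings.append(f"status={cert['status']}")
    not_after = cert.get("not_after")  # may be unset, as in sample c4 below
    if not_after is not None:
        if not_after <= now:
            findings.append("expired")
        elif (not_after - now).days < warn_days:
            findings.append(f"expires in {(not_after - now).days} days")
    for ch in cert.get("challenges", []):  # challenges come with view=FULL
        if ch["status"] in ("PENDING", "INVALID"):
            findings.append(f"challenge {ch['status']} for {ch['domain']}")
    return findings


def report(list_page, folder_id, now):
    """Map certificate ID to findings, for certificates that have any."""
    result = {}
    for cert in iter_certificates(list_page, folder_id):
        findings = triage(cert, now)
        if findings:
            result[cert["id"]] = findings
    return result


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data: two pages keyed by the page_token that returns them.
NOW = utc(2024, 1, 1)
PAGES = {
    "": {
        "certificates": [
            {"id": "c1", "status": "ISSUED", "not_after": utc(2024, 6, 1)},
            {"id": "c2", "status": "ISSUED", "not_after": utc(2024, 1, 11)},
        ],
        "next_page_token": "t2",
    },
    "t2": {
        "certificates": [
            {"id": "c3", "status": "RENEWAL_FAILED",
             "not_after": utc(2023, 12, 25)},
            {"id": "c4", "status": "VALIDATING", "challenges": [
                {"domain": "example.com", "type": "DNS", "status": "PENDING"},
            ]},
        ],
        "next_page_token": "",
    },
}


def fake_list_page(folder_id, page_size, page_token, view):
    """Constructed replacement for the real List call; serves PAGES."""
    return PAGES[page_token]


if __name__ == "__main__":
    for cert_id, findings in report(fake_list_page, "folder-constructed", NOW).items():
        print(cert_id, findings)
```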

Create

Creates a certificate in the specified folder.

rpc Create (CreateCertificateRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata: CreateCertificateMetadata

    Operation.response: Certificate

CreateCertificateRequest

Field Description
folder_id string
Required. ID of the folder to create a certificate in. The maximum string length in characters is 50.
name string
Name of the certificate. The name must be unique within the folder. Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])?.
description string
Description of the certificate. The maximum string length in characters is 1024.
labels map<string,string>
Labels for the certificate as key:value pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*.
certificate string
PEM-encoded certificate content of the certificate. The maximum string length in characters is 32768.
chain string
PEM-encoded certificate chain content of the certificate. The maximum string length in characters is 2097152.
private_key string
Required. PEM-encoded private key content of the certificate. The string length in characters must be 1-524288.
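
Added example (not part of the original reference or of any Yandex.Cloud SDK): a client-side pre-flight check of a CreateCertificateRequest against the limits listed above, so a malformed request is rejected before key material leaves the host. The dict-shaped request, the function name and the sample values are constructed; the check that certificate and chain contain no private key block is an extra sanity check that goes beyond the documented constraints.

```python
import re

# Patterns and limits copied from the CreateCertificateRequest table above.
# The leading "|" in the name pattern means the empty string is also accepted.
NAME_RE = re.compile(r"|[a-z]([-a-z0-9]{0,61}[a-z0-9])?")
LABEL_KEY_RE = re.compile(r"[a-z][-_0-9a-z]*")
LABEL_VALUE_RE = re.compile(r"[-_0-9a-z]*")
MAX_LEN = {
    "folder_id": 50,
    "description": 1024,
    "certificate": 32768,
    "chain": 2097152,
    "private_key": 524288,
}
REQUIRED = ("folder_id", "private_key")


def validate_create_request(req):
    """Return a list of problems; an empty list means the request passes.

    Messages name the offending field only and never echo field content,
    so private key material cannot end up in logs through this function.
    """
    errors = []
    for field in REQUIRED:
        if not req.get(field):
            errors.append(f"{field}: required")
    for field, limit in MAX_LEN.items():
        if len(req.get(field, "")) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    if not NAME_RE.fullmatch(req.get("name", "")):
        errors.append("name: must match |[a-z]([-a-z0-9]{0,61}[a-z0-9])?")
    labels = req.get("labels", {})
    if len(labels) > 64:
        errors.append("labels: more than 64 entries")
    for key, value in labels.items():
        if len(key) > 63 or not LABEL_KEY_RE.fullmatch(key):
            errors.append(f"labels: invalid key {key!r}")
        if len(value) > 63 or not LABEL_VALUE_RE.fullmatch(value):
            errors.append(f"labels: invalid value for key {key!r}")
    # Extra check (not from the reference): a key pasted into the wrong field
    # would be stored and served as public certificate content.
    for field in ("certificate", "chain"):
        if "PRIVATE KEY-----" in req.get(field, ""):
            errors.append(f"{field}: contains a private key block")
    return errors


# Constructed placeholders, not real key or certificate material.
FAKE_CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
FAKE_KEY = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"

GOOD = {
    "folder_id": "folder-constructed",
    "name": "web-cert",
    "labels": {"env": "prod"},
    "certificate": FAKE_CERT,
    "chain": FAKE_CERT,
    "private_key": FAKE_KEY,
}
BAD = {
    "folder_id": "",
    "name": "Web_Cert",
    "labels": {"Env": "prod", "team": "Sec Ops"},
    "certificate": FAKE_KEY,  # key pasted into the certificate field
    "private_key": "",
}

if __name__ == "__main__":
    print(validate_create_request(GOOD))
    for problem in validate_create_request(BAD):
        print(problem)
```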

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<CreateCertificateMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
  The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<Certificate>
  The response of the operation, if it finished successfully.

CreateCertificateMetadata

Field Description
certificate_id string
ID of the certificate being created.

Update

Updates the specified certificate.

rpc Update (UpdateCertificateRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata: UpdateCertificateMetadata

    Operation.response: Certificate

UpdateCertificateRequest

Field Description
certificate_id string
Required. ID of the certificate to update. To get the ID of a certificate use a CertificateService.List request. The maximum string length in characters is 50.
update_mask google.protobuf.FieldMask
Field mask that specifies which attributes of the certificate are going to be updated.
name string
New name for the certificate. Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])?.
description string
New description for the certificate. The maximum string length in characters is 1024.
labels map<string,string>
New labels for the certificate as key:value pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*.
certificate string
New PEM-encoded certificate content for the certificate. Used only for imported certificates. The maximum string length in characters is 32768.
chain string
New PEM-encoded certificate chain content for the certificate. Used only for imported certificates. The maximum string length in characters is 2097152.
private_key string
New PEM-encoded private key content for the certificate. Used only for imported certificates. The maximum string length in characters is 524288.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<UpdateCertificateMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
  The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<Certificate>
  The response of the operation, if it finished successfully.

UpdateCertificateMetadata

Field Description
certificate_id string
ID of the certificate being updated.

                                      Delete

                                      Deletes the specified certificate.

                                      rpc Delete (DeleteCertificateRequest) returns (operation.Operation)

                                      Metadata and response of Operation:

                                          Operation.metadata:DeleteCertificateMetadata

                                          Operation.response:Certificate

                                      DeleteCertificateRequest

                                      Field Description
                                      certificate_id string
                                      Required. ID of the certificate to be deleted. The maximum string length in characters is 50.

                                      Operation

                                      Field Description
                                      id string
                                      ID of the operation.
                                      description string
                                      Description of the operation. 0-256 characters long.
                                      created_at google.protobuf.Timestamp
                                      Creation timestamp.
                                      created_by string
                                      ID of the user or service account who initiated the operation.
                                      modified_at google.protobuf.Timestamp
                                      The time when the Operation resource was last modified.
                                      done bool
                                      If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                      metadata google.protobuf.Any<DeleteCertificateMetadata>
                                      Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                      result oneof: error or response
                                      The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                        error google.rpc.Status
                                      The error result of the operation in case of failure or cancellation.
                                        response google.protobuf.Any<Certificate>
                                      The response of the operation if it finished successfully.

                                      DeleteCertificateMetadata

                                      Field Description
                                      certificate_id string
                                      ID of the certificate being deleted.

                                      Certificate

                                      Field Description
                                      id string
                                      ID of the certificate. Generated at creation time.
                                      folder_id string
                                      ID of the folder that the certificate belongs to.
                                      created_at google.protobuf.Timestamp
                                      Creation timestamp.
                                      name string
                                      Name of the certificate. The name is unique within the folder.
                                      description string
                                      Description of the certificate.
                                      labels map<string,string>
                                      Certificate labels as key:value pairs.
                                      type enum CertificateType
                                      Type of the certificate.
                                      • IMPORTED: The certificate was imported by the user.
                                      • MANAGED: The certificate was created by the service.
                                        domains[] string
                                        Fully qualified domain names of the certificate.
                                        status enum Status
                                        Status of the certificate.
                                        • VALIDATING: Validation of the certificate's domains is required. Used only for managed certificates.
                                        • INVALID: The certificate issuance failed. Used only for managed certificates.
                                        • ISSUED: The certificate is issued.
                                        • REVOKED: The certificate is revoked.
                                        • RENEWING: The certificate renewal has started. Used only for managed certificates.
                                        • RENEWAL_FAILED: The certificate renewal failed. Used only for managed certificates.
                                          issuer string
                                          Distinguished Name of the certificate authority that issued the certificate.
                                          subject string
                                          Distinguished Name of the entity that is associated with the public key contained in the certificate.
                                          serial string
                                          Serial number of the certificate.
                                          updated_at google.protobuf.Timestamp
                                          Time when the certificate is updated.
                                          issued_at google.protobuf.Timestamp
                                          Time when the certificate is issued.
                                          not_after google.protobuf.Timestamp
                                          Time after which the certificate is not valid.
                                          not_before google.protobuf.Timestamp
                                          Time before which the certificate is not valid.
                                          challenges[] Challenge
                                          Domain validation challenges of the certificate. Used only for managed certificates.

                                          Challenge

                                          Field Description
                                          domain string
                                          Domain of the challenge.
                                          type enum ChallengeType
                                          Type of the challenge.
                                          • DNS: Domain validation type that uses DNS records.
                                          • HTTP: Domain validation type that uses HTTP files.
                                            created_at google.protobuf.Timestamp
                                            Time when the challenge is created.
                                            updated_at google.protobuf.Timestamp
                                            Time when the challenge is updated.
                                            status enum Status
                                            Status of the challenge.
                                            • PENDING: The challenge is waiting to be completed.
                                            • PROCESSING: The challenge is awaiting approval from Let's Encrypt.
                                            • VALID: The challenge is complete.
                                            • INVALID: The rights check for a specific domain failed or the one-week period allocated for the check expired.
                                              message string
                                              Description of the challenge.
                                              error string
                                              Error of the challenge.
                                              challenge oneof: dns_challenge or http_challenge
                                              Data of the challenge.
                                                dns_challenge DnsRecord
                                              DNS-record.
                                                http_challenge HttpFile
                                              HTTP-file.

                                              DnsRecord

                                              Field Description
                                              name string
                                              Name of the DNS record.
                                              type string
                                              Type of the DNS-record.
                                              value string
                                              Value of the DNS-record.

                                              HttpFile

                                              Field Description
                                              url string
                                              Location of the HTTP file.
                                              content string
                                              Content of the HTTP file.

                                              RequestNew

                                              Request a certificate in the specified folder.

                                              rpc RequestNew (RequestNewCertificateRequest) returns (operation.Operation)

                                              Metadata and response of Operation:

                                                  Operation.metadata:RequestNewCertificateMetadata

                                                  Operation.response:Certificate

                                              RequestNewCertificateRequest

                                              Field Description
                                              folder_id string
                                              Required. ID of the folder to create a certificate in. The maximum string length in characters is 50.
                                              name string
                                              Name of the certificate. Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])?.
                                              description string
                                              Description of the certificate. The maximum string length in characters is 1024.
                                              labels map<string,string>
                                              Labels for the certificate as key:value pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*.
                                              domains[] string
                                              Fully qualified domain names of the certificate.
                                              challenge_type enum ChallengeType
                                              Type of the domain validation challenge.
                                              • DNS: Domain validation type that uses DNS records.
                                              • HTTP: Domain validation type that uses HTTP files.

                                                Operation

                                                Field Description
                                                id string
                                                ID of the operation.
                                                description string
                                                Description of the operation. 0-256 characters long.
                                                created_at google.protobuf.Timestamp
                                                Creation timestamp.
                                                created_by string
                                                ID of the user or service account who initiated the operation.
                                                modified_at google.protobuf.Timestamp
                                                The time when the Operation resource was last modified.
                                                done bool
                                                If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                metadata google.protobuf.Any<RequestNewCertificateMetadata>
                                                Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                result oneof: error or response
                                                The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                  error google.rpc.Status
                                                The error result of the operation in case of failure or cancellation.
                                                  response google.protobuf.Any<Certificate>
                                                The response of the operation if it finished successfully.

                                                RequestNewCertificateMetadata

                                                Field Description
                                                certificate_id string
                                                ID of the certificate that is being requested.

                                                Certificate

                                                Field Description
                                                id string
                                                ID of the certificate. Generated at creation time.
                                                folder_id string
                                                ID of the folder that the certificate belongs to.
                                                created_at google.protobuf.Timestamp
                                                Creation timestamp.
                                                name string
                                                Name of the certificate. The name is unique within the folder.
                                                description string
                                                Description of the certificate.
                                                labels map<string,string>
                                                Certificate labels as key:value pairs.
                                                type enum CertificateType
                                                Type of the certificate.
                                                • IMPORTED: The certificate was imported by the user.
                                                • MANAGED: The certificate was created by the service.
                                                  domains[] string
                                                  Fully qualified domain names of the certificate.
                                                  status enum Status
                                                  Status of the certificate.
                                                  • VALIDATING: Validation of the certificate's domains is required. Used only for managed certificates.
                                                  • INVALID: The certificate issuance failed. Used only for managed certificates.
                                                  • ISSUED: The certificate is issued.
                                                  • REVOKED: The certificate is revoked.
                                                  • RENEWING: The certificate renewal has started. Used only for managed certificates.
                                                  • RENEWAL_FAILED: The certificate renewal failed. Used only for managed certificates.
                                                    issuer string
                                                    Distinguished Name of the certificate authority that issued the certificate.
                                                    subject string
                                                    Distinguished Name of the entity that is associated with the public key contained in the certificate.
                                                    serial string
                                                    Serial number of the certificate.
                                                    updated_at google.protobuf.Timestamp
                                                    Time when the certificate is updated.
                                                    issued_at google.protobuf.Timestamp
                                                    Time when the certificate is issued.
                                                    not_after google.protobuf.Timestamp
                                                    Time after which the certificate is not valid.
                                                    not_before google.protobuf.Timestamp
                                                    Time before which the certificate is not valid.
                                                    challenges[] Challenge
                                                    Domain validation challenges of the certificate. Used only for managed certificates.

                                                    Challenge

                                                    Field Description
                                                    domain string
                                                    Domain of the challenge.
                                                    type enum ChallengeType
                                                    Type of the challenge.
                                                    • DNS: Domain validation type that uses DNS records.
                                                    • HTTP: Domain validation type that uses HTTP files.
                                                      created_at google.protobuf.Timestamp
                                                      Time when the challenge is created.
                                                      updated_at google.protobuf.Timestamp
                                                      Time when the challenge is updated.
                                                      status enum Status
                                                      Status of the challenge.
                                                      • PENDING: The challenge is waiting to be completed.
                                                      • PROCESSING: The challenge is awaiting approval from Let's Encrypt.
                                                      • VALID: The challenge is complete.
                                                      • INVALID: The rights check for a specific domain failed or the one-week period allocated for the check expired.
                                                        message string
                                                        Description of the challenge.
                                                        error string
                                                        Error of the challenge.
                                                        challenge oneof: dns_challenge or http_challenge
                                                        Data of the challenge.
                                                          dns_challenge DnsRecord
                                                        DNS-record.
                                                          http_challenge HttpFile
                                                        HTTP-file.

                                                        DnsRecord

                                                        Field Description
                                                        name string
                                                        Name of the DNS record.
                                                        type string
                                                        Type of the DNS-record.
                                                        value string
                                                        Value of the DNS-record.

                                                        HttpFile

                                                        Field Description
                                                        url string
                                                        Location of the HTTP file.
                                                        content string
                                                        Content of the HTTP file.
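
The following is an added example, not code from the service or its SDK. It applies the Operation `result` oneof rules and then lists which DNS records or HTTP files from `challenges[]` still have to be published. Messages are modelled as plain dicts keyed by the field names in the tables above; the function names, the sample values and the rule that a challenge `domain` must exactly equal an entry of `domains[]` are assumptions.

```python
def operation_state(op):
    """Classify an Operation according to the `result` oneof rules."""
    has_error, has_response = "error" in op, "response" in op
    if has_error and has_response:
        raise ValueError("error and response form a oneof; both are set")
    if op.get("done", False):
        if not (has_error or has_response):
            raise ValueError("done operation carries neither error nor response")
        return "failed" if has_error else "succeeded"
    if has_response:
        raise ValueError("response set on an operation that is not done")
    # done == false: error set means a failure was already detected.
    return "failing" if has_error else "in_progress"


def validation_todo(cert):
    """Return (to_publish, problems) for a Certificate message."""
    to_publish, problems = [], []
    if cert.get("type") != "MANAGED":
        return to_publish, problems  # challenges are used only for managed certificates
    requested = set(cert.get("domains", []))
    for ch in cert.get("challenges", []):
        domain, status = ch.get("domain"), ch.get("status")
        # Assumption: never act on a challenge for a domain we did not request.
        if domain not in requested:
            problems.append(f"{domain}: challenge for a domain not in domains[]")
            continue
        if status == "INVALID":
            reason = ch.get("error") or "rights check failed or expired"
            problems.append(f"{domain}: {reason}")
            continue
        if status != "PENDING":
            continue  # PROCESSING and VALID need no action from the domain owner
        # The payload oneof must agree with the declared ChallengeType.
        if ch.get("type") == "DNS" and "dns_challenge" in ch:
            rec = ch["dns_challenge"]
            to_publish.append(("DNS", domain, rec["name"], rec["type"], rec["value"]))
        elif ch.get("type") == "HTTP" and "http_challenge" in ch:
            doc = ch["http_challenge"]
            to_publish.append(("HTTP", domain, doc["url"], doc["content"]))
        else:
            problems.append(f"{domain}: challenge type and payload disagree")
    return to_publish, problems


# Constructed sample: an Operation as RequestNew could return it once done.
SAMPLE_OPERATION = {
    "id": "op-constructed-1",
    "done": True,
    "metadata": {"certificate_id": "cert-constructed-1"},
    "response": {
        "id": "cert-constructed-1",
        "type": "MANAGED",
        "status": "VALIDATING",
        "domains": ["example.com", "www.example.com"],
        "challenges": [
            {"domain": "example.com", "type": "DNS", "status": "PENDING",
             "dns_challenge": {"name": "_acme-challenge.example.com.",
                               "type": "TXT", "value": "constructed-token-1"}},
            {"domain": "www.example.com", "type": "HTTP", "status": "INVALID",
             "error": "constructed: file not found"},
            {"domain": "other.example.net", "type": "DNS", "status": "PENDING",
             "dns_challenge": {"name": "_acme-challenge.other.example.net.",
                               "type": "TXT", "value": "constructed-token-2"}},
        ],
    },
}

if __name__ == "__main__":
    if operation_state(SAMPLE_OPERATION) == "succeeded":
        todo, problems = validation_todo(SAMPLE_OPERATION["response"])
        for item in todo:
            print("publish:", item)
        for problem in problems:
            print("problem:", problem)
```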

                                                        ListOperations

                                                        Lists operations for the specified certificate.

                                                        rpc ListOperations (ListCertificateOperationsRequest) returns (ListCertificateOperationsResponse)

                                                        ListCertificateOperationsRequest

                                                        Field Description
                                                        certificate_id string
                                                        Required. ID of the certificate to list operations for.
                                                        To get the certificate ID, use a CertificateService.List request. The maximum string length in characters is 50.
                                                        page_size int64
                                                        The maximum number of results per page that should be returned. If the number of available results is larger than page_size, the service returns a ListCertificateOperationsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
                                                        page_token string
                                                        Page token. To get the next page of results, set page_token to the ListCertificateOperationsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.

                                                        ListCertificateOperationsResponse

                                                        Field Description
                                                        operations[] operation.Operation
                                                        List of operations for the specified certificate.
                                                        next_page_token string
                                                        This token allows you to get the next page of results for list requests. If the number of results is larger than ListCertificateOperationsRequest.page_size, use the next_page_token as the value for the ListCertificateOperationsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

                                                        Operation

                                                        Field Description
                                                        id string
                                                        ID of the operation.
                                                        description string
                                                        Description of the operation. 0-256 characters long.
                                                        created_at google.protobuf.Timestamp
                                                        Creation timestamp.
                                                        created_by string
                                                        ID of the user or service account who initiated the operation.
                                                        modified_at google.protobuf.Timestamp
                                                        The time when the Operation resource was last modified.
                                                        done bool
                                                        If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                        metadata google.protobuf.Any
                                                        Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                        result oneof: error or response
                                                        The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                          error google.rpc.Status
                                                        The error result of the operation in case of failure or cancellation.
                                                          response google.protobuf.Any
                                                        The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.

                                                        ListAccessBindings

                                                        Lists existing access bindings for the specified certificate.

                                                        rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse)

                                                        ListAccessBindingsRequest

                                                        Field Description
                                                        resource_id string
                                                        Required. ID of the resource to list access bindings for.
                                                        To get the resource ID, use a corresponding List request. For example, use the yandex.cloud.resourcemanager.v1.CloudService.List request to get the Cloud resource ID. The maximum string length in characters is 50.
                                                        page_size int64
                                                        The maximum number of results per page that should be returned. If the number of available results is larger than page_size, the service returns a ListAccessBindingsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
                                                        page_token string
                                                        Page token. Set page_token to the ListAccessBindingsResponse.next_page_token returned by a previous list request to get the next page of results. The maximum string length in characters is 100.

                                                        ListAccessBindingsResponse

                                                        Field Description
                                                        access_bindings[] AccessBinding
                                                        List of access bindings for the specified resource.
                                                        next_page_token string
                                                        This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessBindingsRequest.page_size, use the next_page_token as the value for the ListAccessBindingsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

                                                        AccessBinding

                                                        Field Description
                                                        role_id string
                                                        Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
                                                        subject Subject
                                                        Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

                                                        Subject

                                                        Field Description
                                                        id string
                                                        Required.
                                                        • allAuthenticatedUsers: A special system identifier that represents anyone
                                                        • allUsers: A special system identifier that represents anyone. No authentication is required.
                                                        • <cloud generated id>: An identifier that represents a user account.
                                                        The maximum string length in characters is 50.
                                                        type string
                                                        Required.
                                                        • userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud.
                                                        • serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
                                                        • federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
                                                        • system: System group. This type represents several accounts with a common system identifier.
                                                        The maximum string length in characters is 100.

                                                        SetAccessBindings

                                                        Sets access bindings for the certificate.

                                                        rpc SetAccessBindings (SetAccessBindingsRequest) returns (operation.Operation)

                                                        Metadata and response of Operation:

                                                            Operation.metadata: SetAccessBindingsMetadata

                                                            Operation.response: google.protobuf.Empty

                                                        SetAccessBindingsRequest

                                                        Field Description
                                                        resource_id string
                                                        Required. ID of the resource for which access bindings are being set.
                                                        To get the resource ID, use a corresponding List request. The maximum string length in characters is 50.
                                                        access_bindings[] AccessBinding
                                                        Required. Access bindings to be set. For more information, see Access Bindings.

                                                        AccessBinding

                                                        Field Description
                                                        role_id string
                                                        Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
                                                        subject Subject
                                                        Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

                                                        Subject

                                                        Field Description
                                                        id string
                                                        Required.
                                                        • allAuthenticatedUsers: A special system identifier that represents anyone
                                                        • allUsers: A special system identifier that represents anyone. No authentication is required.
                                                        • <cloud generated id>: An identifier that represents a user account.
                                                        The maximum string length in characters is 50.
                                                        type string
                                                        Required.
                                                        • userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud.
                                                        • serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
                                                        • federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
                                                        • system: System group. This type represents several accounts with a common system identifier.
                                                        The maximum string length in characters is 100.

                                                        Operation

                                                        Field Description
                                                        id string
                                                        ID of the operation.
                                                        description string
                                                        Description of the operation. 0-256 characters long.
                                                        created_at google.protobuf.Timestamp
                                                        Creation timestamp.
                                                        created_by string
                                                        ID of the user or service account who initiated the operation.
                                                        modified_at google.protobuf.Timestamp
                                                        The time when the Operation resource was last modified.
                                                        done bool
                                                        If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                        metadata google.protobuf.Any<SetAccessBindingsMetadata>
                                                        Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                        result oneof: error or response
                                                        The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                          error google.rpc.Status
                                                        The error result of the operation in case of failure or cancellation.
                                                          response google.protobuf.Any<google.protobuf.Empty>
                                                        if operation finished successfully.

                                                        SetAccessBindingsMetadata

                                                        Field Description
                                                        resource_id string
                                                        ID of the resource for which access bindings are being set.

                                                        UpdateAccessBindings

                                                        Updates access bindings for the specified certificate.

                                                        rpc UpdateAccessBindings (UpdateAccessBindingsRequest) returns (operation.Operation)

                                                        Metadata and response of Operation:

                                                            Operation.metadata: UpdateAccessBindingsMetadata

                                                            Operation.response: google.protobuf.Empty

                                                        UpdateAccessBindingsRequest

                                                        Field Description
                                                        resource_id string
                                                        Required. ID of the resource for which access bindings are being updated. The maximum string length in characters is 50.
                                                        access_binding_deltas[] AccessBindingDelta
                                                        Required. Updates to access bindings. The number of elements must be greater than 0.

                                                        AccessBindingDelta

                                                        Field Description
                                                        action enum AccessBindingAction
                                                        Required. The action that is being performed on an access binding.
                                                        • ADD: Addition of an access binding.
                                                        • REMOVE: Removal of an access binding.
                                                          access_binding AccessBinding
                                                          Required. Access binding. For more information, see Access Bindings.

                                                          AccessBinding

                                                          Field Description
                                                          role_id string
                                                          Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
                                                          subject Subject
                                                          Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

                                                          Subject

                                                          Field Description
                                                          id string
                                                          Required.
                                                          • allAuthenticatedUsers: A special system identifier that represents anyone
                                                          • allUsers: A special system identifier that represents anyone. No authentication is required.
                                                          • <cloud generated id>: An identifier that represents a user account.
                                                          The maximum string length in characters is 50.
                                                          type string
                                                          Required.
                                                          • userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud.
                                                          • serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
                                                          • federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
                                                          • system: System group. This type represents several accounts with a common system identifier.
                                                          The maximum string length in characters is 100.

                                                          Operation

                                                          Field Description
                                                          id string
                                                          ID of the operation.
                                                          description string
                                                          Description of the operation. 0-256 characters long.
                                                          created_at google.protobuf.Timestamp
                                                          Creation timestamp.
                                                          created_by string
                                                          ID of the user or service account who initiated the operation.
                                                          modified_at google.protobuf.Timestamp
                                                          The time when the Operation resource was last modified.
                                                          done bool
                                                          If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                          metadata google.protobuf.Any<UpdateAccessBindingsMetadata>
                                                          Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                          result oneof: error or response
                                                          The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                            error google.rpc.Status
                                                          The error result of the operation in case of failure or cancellation.
                                                            response google.protobuf.Any<google.protobuf.Empty>
                                                          if operation finished successfully.

                                                          UpdateAccessBindingsMetadata

                                                          Field Description
                                                          resource_id string
                                                          ID of the resource for which access bindings are being updated.
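
The following Python code pages through ListAccessBindings results with page_token / next_page_token, flags bindings whose Subject is allUsers or allAuthenticatedUsers, and builds the REMOVE deltas for an UpdateAccessBindingsRequest. It is an added example, not Yandex.Cloud SDK code: messages are plain dicts named after the fields documented above, and fake_list_access_bindings, the certificate ID, the role IDs and the account IDs are constructed placeholders.

```python
# Added example, not Yandex.Cloud SDK code. Messages are plain dicts that
# mirror the field names documented on this page.
PUBLIC_SUBJECT_IDS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample data: two pages of bindings for one certificate.
# Role IDs and account IDs are placeholders.
_SAMPLE_PAGES = {
    "": {
        "access_bindings": [
            {"role_id": "example.role.viewer",
             "subject": {"id": "example-user-id-1", "type": "userAccount"}},
            {"role_id": "example.role.viewer",
             "subject": {"id": "allUsers", "type": "system"}},
        ],
        "next_page_token": "page-2",
    },
    "page-2": {
        "access_bindings": [
            {"role_id": "example.role.editor",
             "subject": {"id": "allAuthenticatedUsers", "type": "system"}},
            {"role_id": "example.role.editor",
             "subject": {"id": "example-sa-id-1", "type": "serviceAccount"}},
        ],
        "next_page_token": "",
    },
}


def fake_list_access_bindings(request):
    """Hypothetical stand-in for the ListAccessBindings call (no network)."""
    return _SAMPLE_PAGES[request.get("page_token", "")]


def iter_access_bindings(list_call, resource_id, page_size=100):
    """Yield every binding, following next_page_token until it is empty."""
    if page_size > 1000:
        raise ValueError("page_size: the maximum value is 1000")
    token, seen_tokens = "", set()
    while True:
        response = list_call({"resource_id": resource_id,
                              "page_size": page_size, "page_token": token})
        yield from response.get("access_bindings", [])
        token = response.get("next_page_token", "")
        if not token:
            return
        if token in seen_tokens:  # guard against a token that repeats forever
            raise RuntimeError("repeated page token: " + token)
        seen_tokens.add(token)


def is_public(binding):
    """True when the role is granted to one of the special system identifiers."""
    subject = binding["subject"]
    return subject["type"] == "system" and subject["id"] in PUBLIC_SUBJECT_IDS


def build_remove_request(resource_id, bindings):
    """Build an UpdateAccessBindingsRequest that removes the public bindings."""
    deltas = [{"action": "REMOVE", "access_binding": b}
              for b in bindings if is_public(b)]
    if not deltas:
        return None  # access_binding_deltas must have more than 0 elements
    return {"resource_id": resource_id, "access_binding_deltas": deltas}


def audit(resource_id, list_call=fake_list_access_bindings):
    """Page through all bindings and return the clean-up request, or None."""
    return build_remove_request(resource_id,
                                iter_access_bindings(list_call, resource_id))
```

Reading every page before deciding matters here: a public binding that appears only on a later page is missed by a check that stops after the first response.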
                                                          © 2021 Yandex.Cloud LLC