Yandex Certificate Manager
A service for managing TLS certificates.
Convenient control
Let’s Encrypt® certificates
Custom certificates
Integration with other services
Domains for Yandex API Gateway
Continuous operation
Questions and answers
Which Let’s Encrypt certificates are available in Certificate Manager?
Let’s Encrypt provides Domain Validation TLS certificates with a 90-day validity period. If you need Organization Validation or Extended Validation certificates, use a third-party certification authority to get the certificate and then upload it to Certificate Manager.
Let’s Encrypt provides Domain Validation TLS certificates with a 90-day validity period. If you need Organization Validation or Extended Validation certificates, use a third-party certification authority to get the certificate and then upload it to Certificate Manager.
How are domain rights verified?
Certificate Manager uses two types of verification: HTTP and DNS. When you create a certificate, you can choose any type of check.
You only need to check rights for domains for Let’s Encrypt certificates. Certificate Manager doesn’t check domain rights for imported user certificates.
Certificate Manager uses two types of verification: HTTP and DNS. When you create a certificate, you can choose any type of check.
You only need to check rights for domains for Let’s Encrypt certificates. Certificate Manager doesn’t check domain rights for imported user certificates.
Why do I need a TLS certificate?
TLS (Transport Layer Security) is a security protocol that provides a secure connection between a web server (website) and browser. By installing a TLS certificate on your domain, you ensure encrypted data transfers via HTTPS.
TLS (Transport Layer Security) is a security protocol that provides a secure connection between a web server (website) and browser. By installing a TLS certificate on your domain, you ensure encrypted data transfers via HTTPS.
When can a certificate be updated automatically?
Let’s Encrypt certificates are verified automatically if the following conditions are met:
- A certificate is going through the renewal procedure and its status is Renewing. The certificate renewal procedure is initiated 30 days before it expires.
- The certificate is used in the HTTPS configuration of a static website in Object Storage.
- For each certificate domain, the following is configured:
- An alias for the static website bucket where the certificate is used.
- Or a redirect to the domain with the alias for the bucket.
- The certificate is not a [Wildcard certificate] (https://en.wikipedia.org/wiki/Wildcard_certificate): it doesn’t contain masks for subdomains.
Let’s Encrypt certificates are verified automatically if the following conditions are met:
- A certificate is going through the renewal procedure and its status is Renewing. The certificate renewal procedure is initiated 30 days before it expires.
- The certificate is used in the HTTPS configuration of a static website in Object Storage.
- For each certificate domain, the following is configured:
- An alias for the static website bucket where the certificate is used.
- Or a redirect to the domain with the alias for the bucket.
- The certificate is not a [Wildcard certificate] (https://en.wikipedia.org/wiki/Wildcard_certificate): it doesn’t contain masks for subdomains.