Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Certificate Manager API, REST: Certificate.List

Written by
Updated at December 17, 2024

Returns the list of certificates in the specified folder.

HTTP request

GET https://certificate-manager.api.cloud.yandex.net/certificate-manager/v1/certificates

Query parameters

Field

Description

folderId

string

Required field. ID of the folder to list certificate in.

pageSize

string (int64)

The maximum number of results per page to return. If the number of available
results is larger than page_size, the service returns a ListCertificatesResponse.nextPageToken
that can be used to get the next page of results in subsequent list requests.
Default value: 100.

pageToken

string

Page token. To get the next page of results, set page_token to the
ListCertificatesResponse.nextPageToken returned by a previous list request.

view

enum (CertificateView)

The output type of the certificate.

  • BASIC: Output basic information about the certificate.
  • FULL: Output full information about the certificate including domain challenges.

Response

HTTP Code: 200 - OK

{
  "certificates": [
    {
      "id": "string",
      "folderId": "string",
      "createdAt": "string",
      "name": "string",
      "description": "string",
      "labels": "object",
      "type": "string",
      "domains": [
        "string"
      ],
      "status": "string",
      "issuer": "string",
      "subject": "string",
      "serial": "string",
      "updatedAt": "string",
      "issuedAt": "string",
      "notAfter": "string",
      "notBefore": "string",
      "challenges": [
        {
          "domain": "string",
          "type": "string",
          "createdAt": "string",
          "updatedAt": "string",
          "status": "string",
          "message": "string",
          "error": "string",
          // Includes only one of the fields `dnsChallenge`, `httpChallenge`
          "dnsChallenge": {
            "name": "string",
            "type": "string",
            "value": "string"
          },
          "httpChallenge": {
            "url": "string",
            "content": "string"
          }
          // end of the list of possible fields
        }
      ],
      "deletionProtection": "boolean",
      "incompleteChain": "boolean"
    }
  ],
  "nextPageToken": "string"
}

Field

Description

certificates[]

Certificate

List of certificates in the specified folder.

nextPageToken

string

This token allows you to get the next page of results for list requests. If the number
of results is greater than the specified ListCertificatesRequest.pageSize, use
the next_page_token as the value for the ListCertificatesRequest.pageToken query parameter
in the next list request. Each subsequent list request will have its own
nextPageToken to continue paging through the results.

Certificate

A certificate. For details about the concept, see documentation.

Field

Description

id

string

ID of the certificate. Generated at creation time.

folderId

string

ID of the folder that the certificate belongs to.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

name

string

Name of the certificate.
The name is unique within the folder.

description

string

Description of the certificate.

labels

object (map<string, string>)

Certificate labels as key:value pairs.

type

enum (CertificateType)

Type of the certificate.

  • CERTIFICATE_TYPE_UNSPECIFIED
  • IMPORTED: The certificate is imported by user.
  • MANAGED: The certificate is created by service.

domains[]

string

Fully qualified domain names of the certificate.

status

enum (Status)

Status of the certificate.

  • STATUS_UNSPECIFIED
  • VALIDATING: The certificate domains validation are required. Used only for managed certificates.
  • INVALID: The certificate issuance is failed. Used only for managed certificates.
  • ISSUED: The certificate is issued.
  • REVOKED: The certificate is revoked.
  • RENEWING: The certificate renewal is started. Used only for managed certificates.
  • RENEWAL_FAILED: The certificate renewal is failed. Used only for managed certificates.

issuer

string

Distinguished Name of the certificate authority that issued the certificate.

subject

string

Distinguished Name of the entity that is associated with the public key contained in the certificate.

serial

string

Serial number of the certificate.

updatedAt

string (date-time)

Time when the certificate is updated.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

issuedAt

string (date-time)

Time when the certificate is issued.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notAfter

string (date-time)

Time after which the certificate is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notBefore

string (date-time)

Time before which the certificate is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

challenges[]

Challenge

Domains validation challenges of the certificate. Used only for managed certificates.

deletionProtection

boolean

Flag that protects deletion of the certificate

incompleteChain

boolean

Mark imported certificates without uploaded chain or with chain which not lead to root certificate

Challenge

Domain validation challenge.

Field

Description

domain

string

Domain of the challenge.

type

enum (ChallengeType)

Type of the challenge.

  • CHALLENGE_TYPE_UNSPECIFIED
  • DNS: Domain validation type that using DNS-records.
  • HTTP: Domain validation type that using HTTP-files.

createdAt

string (date-time)

Time when the challenge is created.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

updatedAt

string (date-time)

Time when the challenge is updated.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

status

enum (Status)

Status of the challenge.

  • STATUS_UNSPECIFIED
  • PENDING: The challenge is waiting to be completed.
  • PROCESSING: The challenge is awaiting approval from Let's Encrypt.
  • VALID: The challenge is complete.
  • INVALID: The rights check for a specific domain failed or the one-week period allocated for the check expired.

message

string

Description of the challenge.

error

string

Error of the challenge.

dnsChallenge

DnsRecord

DNS-record.

Includes only one of the fields dnsChallenge, httpChallenge.

Data of the challenge.

httpChallenge

HttpFile

HTTP-file.

Includes only one of the fields dnsChallenge, httpChallenge.

Data of the challenge.

DnsRecord

Field

Description

name

string

Name of the DNS record.

type

string

Type of the DNS-record.

value

string

Value of the DNS-record.

HttpFile

Field

Description

url

string

Location of the HTTP file.

content

string

Content of the HTTP file.
Previous
Get
Next
ListVersions