Back up certificates

Saving a certificateSaving a certificate

To save a certificate:

1. Get the certificate ID.

   Management console

   CLI

   API

   1. In the management console, select the folder where the certificate is located.
   2. In the list of services, select Certificate Manager.
   3. Copy the contents of the ID field for the certificate you want to save.

   If you do not have the Yandex Cloud command line interface yet, install and initialize it.

   The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

   1. View a description of the CLI command to get the certificate list:

      yc cm certificate list --help
      

   2. Run this command:

      yc cm certificate list
      

   To get the certificate ID, use the list REST API method for the Certificate resource or the CertificateService/List gRPC API call.

2. Get the contents of the certificate.

   CLI

   API

   If you do not have the Yandex Cloud command line interface yet, install and initialize it.

   The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

   1. View a description of the CLI command to get the certificate contents:

      yc cm certificate content --help
      

   2. Run this command:

      yc cm certificate content \
        --id <certificate_ID> \
        --chain <path_to_certificate_chain_file> \
        --key <path_to_private_key_file>
      ...
      

   To get the certificate contents, use the get REST API method for the CertificateContent resource or the CertificateContentService/Get gRPC API call.

   Keep the resulting files in a secure place for long-term storage.

3. Repeat the procedure for each certificate you want to back up.

Restoring a certificateRestoring a certificate

To restore a user certificate from the certificate chain and key files:

1. Prepare the files with the certificate contents.

2. Import the certificate.

   Management console

   CLI

   API

   1. In the management console, select the folder where the certificate will be restored.
   2. In the list of services, select Certificate Manager.
   3. Click Add certificate.
   4. In the menu that opens, select User certificate.
   5. In the window that opens, enter a name for your certificate in the Name field.
   6. (Optional) In the Description field, enter a description for the certificate.
   7. In the Intermediate certificate chain field, click Add chain.
      1. Choose how to add a certificate: File.
      2. Click Attach file and specify the certificate chain file.
      3. Click Add.
   8. In the Private key field, click Add private key.
      1. Choose how to add it: File or Text.
      2. Click Attach file and specify the private key file.
      3. Click Add.
   9. Click Create.

   If you do not have the Yandex Cloud command line interface yet, install and initialize it.

   The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

   1. View a description of the command:

      yc cm certificate create --help
      

   2. Run this command:

      yc cm certificate create \
        --name <certificate_name> \
        --chain <path_to_certificate_chain_file> \
        --key <path_to_private_key_file>
      ...
      

   To import a certificate, use the create REST API method for the Certificate resource or the CertificateService/Create gRPC API call.

   The ID of the restored certificate will be different from the ID that the certificate had when it was saved.

3. Repeat the process for each certificate you want to restore.

The saved Let's Encrypt certificate becomes a custom certificate after it's restored. To renew this certificate, download its latest version yourself.

See alsoSee also

• Adding a custom certificate.