Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Backing up certificates

Written by
Updated at May 5, 2026

Saving a certificate

To save a certificate:

  1. Get the certificate ID.

    1. In the management console, select the folder with your certificate.
    2. Navigate to Certificate Manager.
    3. Copy the ID field data for the certificate you want to save.

    If you do not have the Yandex Cloud CLI yet, install and initialize it.

    The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

    1. View the description of the CLI command for getting a list of certificates:

      yc cm certificate list --help

    2. Run this command:

      yc cm certificate list

    To get the certificate ID, use the list REST API method for the Certificate resource or the CertificateService/List gRPC API call.

  2. Get the certificate contents.

    If you do not have the Yandex Cloud CLI yet, install and initialize it.

    The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

    1. View the description of the CLI command for getting certificate contents:

      yc cm certificate content --help

    2. Run this command:

      yc cm certificate content \
  --id <certificate_ID> \
  --chain <path_to_certificate_chain_file> \
  --key <path_to_private_key_file>
...

    To get the certificate contents, use the get REST API method for the CertificateContent resource or the CertificateContentService/Get gRPC API call.

    Put the resulting files in a secure long-term storage.

  3. Repeat the steps for each certificate you want to back up.

Restoring a certificate

Note

You cannot restore an expired certificate.

To restore a user certificate from the certificate chain and key files:

  1. Prepare the files with the certificate contents.

  2. Import the certificate.

    1. In the management console, select the folder the certificate will be restored to.
    2. Navigate to Certificate Manager.
    3. Click Add certificate.
    4. In the menu that opens, select User certificate.
    5. In the window that opens, enter a name for your certificate in the Name field.
    6. Optionally, in the Description field, describe the certificate.
    7. In the Intermediate certificate chain field, click Add chain.
      1. Choose how to add it: File.
      2. Click Attach file and specify the certificate chain file.
      3. Click Add.
    8. In the Private key field, click Add private key.
      1. Choose how to add it: File or Text.
      2. Click Attach file and specify the private key file.
      3. Click Add.
    9. Click Create.

    If you do not have the Yandex Cloud CLI yet, install and initialize it.

    The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

    1. View the command description:

      yc cm certificate create --help

    2. Run this command:

      yc cm certificate create \
  --name <certificate_name> \
  --chain <path_to_certificate_chain_file> \
  --key <path_to_private_key_file>
...

    To import a certificate, use the create REST API method for the Certificate resource or the CertificateService/Create gRPC API call.

    The ID of the restored certificate will be different from the ID the certificate had upon saving.

  3. Repeat the steps for each certificate you want to restore.

If you restore a saved Let's Encrypt certificate, it becomes a custom one. To renew this certificate, download its latest version yourself.

See also

Previous
Deleting a certificate
Next
Adding an alert for a certificate