Back up certificates
Saving a certificate
To save a certificate:
-
Get the certificate ID.
Management consoleCLIAPI- In the management console
, select the folder where the certificate is located. - In the list of services, select Certificate Manager.
- Copy the contents of the ID field for the certificate you want to save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter.-
View a description of the CLI command to get the certificate list:
yc cm certificate list --help
-
Run this command:
yc cm certificate list
To get the certificate ID, use the list REST API method for the Certificate resource or the CertificateService/List gRPC API call.
- In the management console
-
Get the contents of the certificate.
CLIAPIIf you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter.-
View a description of the CLI command to get the certificate contents:
yc cm certificate content --help
-
Run this command:
yc cm certificate content \ --id <certificate_ID> \ --chain <path_to_certificate_chain_file> \ --key <path_to_private_key_file> ...
To get the certificate contents, use the get REST API method for the CertificateContent resource or the CertificateContentService/Get gRPC API call.
Keep the resulting files in a secure place for long-term storage.
-
-
Repeat the procedure for each certificate you want to back up.
Restoring a certificate
Note
You can't restore an expired certificate.
To restore a user certificate from the certificate chain and key files:
-
Prepare the files with the certificate contents.
-
Import the certificate.
Management consoleCLIAPI- In the management console
, select the folder where the certificate will be restored. - In the list of services, select Certificate Manager.
- Click Add certificate.
- In the menu that opens, select User certificate.
- In the window that opens, enter a name for your certificate in the Name field.
- (Optional) In the Description field, enter a description for the certificate.
- In the Intermediate certificate chain field, click Add chain.
- Choose how to add a certificate:
File
. - Click Attach file and specify the certificate chain file.
- Click Add.
- Choose how to add a certificate:
- In the Private key field, click Add private key.
- Choose how to add it:
File
orText
. - Click Attach file and specify the private key file.
- Click Add.
- Choose how to add it:
- Click Create.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter.-
View a description of the command:
yc cm certificate create --help
-
Run this command:
yc cm certificate create \ --name <certificate_name> \ --chain <path_to_certificate_chain_file> \ --key <path_to_private_key_file> ...
To import a certificate, use the create REST API method for the Certificate resource or the CertificateService/Create gRPC API call.
The ID of the restored certificate will be different from the ID that the certificate had when it was saved.
- In the management console
-
Repeat the process for each certificate you want to restore.
The saved Let's Encrypt certificate becomes a custom certificate after it's restored. To renew this certificate, download its latest version yourself.