Renewing a custom certificate
Certificate Manager does not manage custom certificates. To make your certificate continuously available to your resources, make sure to renew it on time.
To get a new version of a custom certificate:
- In the management console, select the folder you added the certificate to.
- Navigate to Certificate Manager.
- Select the certificate you need to renew.
- Click Renew certificate.
- In the window that opens, click Add certificate in the Certificate field.
- Choose how to add it:
FileorText. - Click Add.
- Choose how to add it:
- In the Intermediate certificate chain field, click Add chain.
- Choose how to add it:
FileorText. - Click Add.
- Choose how to add it:
- In the Private key field, click Add private key.
- Choose how to add it:
FileorText. - Click Add.
- Choose how to add it:
- Click Update.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.
-
View the command description:
yc certificate-manager certificate update --help -
View the list of certificates:
yc certificate-manager certificate listResult:
+----------------------+--------+-------------+---------------------+----------+--------+ | ID | NAME | DOMAINS | NOT AFTER | TYPE | STATUS | +----------------------+--------+-------------+---------------------+----------+--------+ | fpqmg47avvim******** | mycert | example.com | 2021-09-15 06:48:26 | IMPORTED | ISSUED | +----------------------+--------+-------------+---------------------+----------+--------+ -
Run this command:
yc certificate-manager certificate update \ --id fpqmg47avvim******** \ --chain myupdatedcert.pem \ --key myupdatedkey.pemWhere:
--id: ID of the certificate you need to renew.--chain: Path to the new certificate chain file.--key: Path to the certificate's new private key file.
Result:
id: fpqmg47avvim******** folder_id: b1g7gvsi89m3******** created_at: "2020-09-15T06:54:44.916Z" ... issued_at: "2020-09-15T08:23:50.147668Z" not_after: "2021-09-15T08:12:57Z" not_before: "2020-09-15T08:12:57Z"
If you do not have Terraform yet, install it and configure the Yandex Cloud provider.
-
Open the Terraform configuration file and edit the
certificateandprivate_keycertificate properties:Example of a certificate description in the Terraform configuration
... resource "yandex_cm_certificate" "imported-certificate" { name = "my-certificate" description = "this is a test certificate" self_managed { certificate = <<-EOT -----BEGIN CERTIFICATE----- MIIF... -----END CERTIFICATE----- EOT private_key = <<-EOT -----BEGIN PRIVATE KEY----- MIIJ... -----END PRIVATE KEY----- EOT } } ... -
Apply the changes:
-
In the terminal, navigate to the configuration file directory.
-
Make sure the configuration is correct using this command:
terraform validateIf the configuration is valid, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planYou will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.
-
Apply the configuration changes:
terraform apply -
Type
yesand press Enter to confirm the changes.
-
You can check the edited certificate using the management console or this CLI command:
yc certificate-manager certificate get <certificate_name>
To renew a certificate, use the update REST API method for the Certificate resource or the CertificateService/Update gRPC API call.