Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Certificate Manager
  • Getting started
    • All guides
      • Adding a certificate
      • Getting the contents of a certificate
      • Domain rights check procedure
      • Renewing a certificate
      • Editing a certificate
      • Deleting a certificate
    • Backups
    • Adding alerts for certificates
    • Configuring access to a certificate
    • Viewing operations with a certificate
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  • FAQ

In this article:

  • Adding a new certificate
  • Viewing certificate issue status
  1. Step-by-step guides
  2. Certificate from Let's Encrypt
  3. Adding a certificate

Adding a Let's Encrypt® certificate

Written by
Yandex Cloud
Updated at June 9, 2025
  • Adding a new certificate
  • Viewing certificate issue status

You can use a certificate from Certificate Manager in the specified Yandex Cloud services only.

Adding a new certificateAdding a new certificate

Management console
CLI
Terraform
API
  1. In the management console, select the folder to add a certificate to.

  2. From the list of services, select Certificate Manager.

  3. Click Add certificate.

  4. In the menu that opens, select Let's Encrypt certificate.

  5. In the window that opens, enter a name for your certificate in the Name field.

  6. (Optional) In the Description field, enter a description for the certificate.

  7. In the Domains field, list the domains to issue a certificate for.

    Domain names may contain a mask, e.g., *.example.com. If so, select DNS as the type of domain rights check. For more information, see Check rights for domain.

  8. Select the type of domain rights check: DNS or HTTP.

  9. Click Create.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. View a description of the command:

    yc certificate-manager certificate request --help
    
  2. Run this command:

    yc certificate-manager certificate request \
      --name mymanagedcert \
      --domains example.com
    

    Where:

    • --name: Certificate name
    • --domains: Certificate domains

    Result:

    id: fpq6gvvm6piu********
    folder_id: b1g7gvsi89m3********
    created_at: "2020-09-15T08:49:11.533771Z"
    ...
    - example.com
    status: VALIDATING
    updated_at: "2020-09-15T08:49:11.533771Z"
    

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. In the Terraform configuration file, define the parameters of the resource you want to create:

    resource "yandex_cm_certificate" "le-certificate" {
      name    = "<certificate_name>"
      domains = ["<domain>"]
    
      managed {
      challenge_type = "<check_type>"
      }
    }
    

    Where:

    • domains: List of domains you need to create a certificate for.
    • challenge_type: Type of domain rights check the domain owner should pass. The possible values are:
      • DNS_CNAME: Create a DNS record in CNAME format with the specified value. This method is recommended for automatic certificate renewal.
      • DNS_TXT: Create a DNS record in TXT format with the specified value.
      • HTTP: Place the specified value in the specified URL.

    For more information about the yandex_cm_certificate resource properties, see the Terraform provider documentation.

  2. Create the resources:

    1. In the terminal, go to the directory where you edited the configuration file.

    2. Make sure the configuration file is correct using this command:

      terraform validate
      

      If the configuration is correct, you will get this message:

      Success! The configuration is valid.
      
    3. Run this command:

      terraform plan
      

      You will see a detailed list of resources. No changes will be made at this step. Terraform will show any errors found in your configuration.

    4. Apply the changes:

      terraform apply
      
    5. Type yes and press Enter to confirm the changes.

A certificate will then be created in the specified folder. You can check the new certificate and its settings using the management console or this CLI command:

yc certificate-manager certificate get <certificate_name>

To add a certificate, use the requestNew REST API method for the Certificate resource or the CertificateService/RequestNew gRPC API call.

A new certificate with the Validating status will appear in the certificate list. This status means that a request for a Let's Encrypt® certificate has been created. You need to get your domain rights confirmed for the request to be processed.

Note

For a successful DNS domain rights check based on a CNAME record, make sure the _acme-challenge subdomain of the domain name you are checking has no other resource records except CNAME. For example, for the _acme-challenge.example.com. domain name, there should only be a CNAME record and no TXT record.

Viewing certificate issue statusViewing certificate issue status

You can view the certificate issue status and possible issue errors in the management console:

  1. Select Certificate Manager.

  2. Select the certificate from the list.

    The certificate's current issue stage will be shown next to the Validation field.

  3. To view the stage description and outcome, click Show logs.

    For more information about certificate issue stages, see Let's Encrypt certificate.

See alsoSee also

  • Get the contents of the Let's Encrypt certificate
  • Checking domain rights
  • Renew a certificate

Was the article helpful?

Previous
All guides
Next
Getting the contents of a certificate
© 2025 Direct Cursus Technology L.L.C.