Contact usConsole
© 2023 Nebius Israel Ltd
Certificate Manager

Certificate Manager API, REST: Certificate.list

Returns the list of certificates in the specified folder.

HTTP request

GET https://cpl.ycm.api.il.nebius.cloud/certificate-manager/v1/certificates

Query parameters

Parameter Description
folderId

Required. ID of the folder to list certificate in.

The maximum string length in characters is 50.
pageSize

The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Default value: 100.

The maximum value is 1000.
pageToken

Page token. To get the next page of results, set page_token to the nextPageToken returned by a previous list request.

The maximum string length in characters is 100.
view

The output type of the certificate.

  • BASIC: Output basic information about the certificate.
  • FULL: Output full information about the certificate including domain challenges.

Response

HTTP Code: 200 - OK

{
  "certificates": [
    {
      "id": "string",
      "folderId": "string",
      "createdAt": "string",
      "name": "string",
      "description": "string",
      "labels": "object",
      "type": "string",
      "domains": [
        "string"
      ],
      "status": "string",
      "issuer": "string",
      "subject": "string",
      "serial": "string",
      "updatedAt": "string",
      "issuedAt": "string",
      "notAfter": "string",
      "notBefore": "string",
      "challenges": [
        {
          "domain": "string",
          "type": "string",
          "createdAt": "string",
          "updatedAt": "string",
          "status": "string",
          "message": "string",
          "error": "string",

          // `certificates[].challenges[]` includes only one of the fields `dnsChallenge`, `httpChallenge`
          "dnsChallenge": {
            "name": "string",
            "type": "string",
            "value": "string"
          },
          "httpChallenge": {
            "url": "string",
            "content": "string"
          },
          // end of the list of possible fields`certificates[].challenges[]`

        }
      ],
      "deletionProtection": true,
      "incompleteChain": true
    }
  ],
  "nextPageToken": "string"
}
Field Description
certificates[] object

List of certificates in the specified folder.
certificates[].
id		 string

ID of the certificate. Generated at creation time.
certificates[].
folderId		 string

ID of the folder that the certificate belongs to.
certificates[].
createdAt		 string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
certificates[].
name		 string

Name of the certificate. The name is unique within the folder.
certificates[].
description		 string

Description of the certificate.
certificates[].
labels		 object

Certificate labels as key:value pairs.
certificates[].
type		 string

Type of the certificate.

Supported certificate types.

  • IMPORTED: The certificate is imported by user.
  • MANAGED: The certificate is created by service.
certificates[].
domains[]		 string

Fully qualified domain names of the certificate.
certificates[].
status		 string

Status of the certificate.

  • VALIDATING: The certificate domains validation are required. Used only for managed certificates.
  • INVALID: The certificate issuance is failed. Used only for managed certificates.
  • ISSUED: The certificate is issued.
  • REVOKED: The certificate is revoked.
  • RENEWING: The certificate renewal is started. Used only for managed certificates.
  • RENEWAL_FAILED: The certificate renewal is failed. Used only for managed certificates.
certificates[].
issuer		 string

Distinguished Name of the certificate authority that issued the certificate.
certificates[].
subject		 string

Distinguished Name of the entity that is associated with the public key contained in the certificate.
certificates[].
serial		 string

Serial number of the certificate.
certificates[].
updatedAt		 string (date-time)

Time when the certificate is updated.

String in RFC3339 text format. The range of possible values is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
certificates[].
issuedAt		 string (date-time)

Time when the certificate is issued.

String in RFC3339 text format. The range of possible values is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
certificates[].
notAfter		 string (date-time)

Time after which the certificate is not valid.

String in RFC3339 text format. The range of possible values is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
certificates[].
notBefore		 string (date-time)

Time before which the certificate is not valid.

String in RFC3339 text format. The range of possible values is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
certificates[].
challenges[]		 object

Domains validation challenges of the certificate. Used only for managed certificates.
certificates[].
challenges[].
domain		 string

Domain of the challenge.
certificates[].
challenges[].
type		 string
Type of the challenge.
  • DNS: Domain validation type that using DNS-records.
  • HTTP: Domain validation type that using HTTP-files.
certificates[].
challenges[].
createdAt		 string (date-time)

Time when the challenge is created.

String in RFC3339 text format. The range of possible values is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
certificates[].
challenges[].
updatedAt		 string (date-time)

Time when the challenge is updated.

String in RFC3339 text format. The range of possible values is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
certificates[].
challenges[].
status		 string
Status of the challenge.
  • PENDING: The challenge is waiting to be completed.
  • PROCESSING: The challenge is awaiting approval from Let's Encrypt.
  • VALID: The challenge is complete.
  • INVALID: The rights check for a specific domain failed or the one-week period allocated for the check expired.
certificates[].
challenges[].
message		 string

Description of the challenge.
certificates[].
challenges[].
error		 string

Error of the challenge.
certificates[].
challenges[].
dnsChallenge		 object
DNS-record.
certificates[].challenges[] includes only one of the fields dnsChallenge, httpChallenge
certificates[].
challenges[].
dnsChallenge.
name		 string

Name of the DNS record.
certificates[].
challenges[].
dnsChallenge.
type		 string

Type of the DNS-record.
certificates[].
challenges[].
dnsChallenge.
value		 string

Value of the DNS-record.
certificates[].
challenges[].
httpChallenge		 object
HTTP-file.
certificates[].challenges[] includes only one of the fields dnsChallenge, httpChallenge
certificates[].
challenges[].
httpChallenge.
url		 string

Location of the HTTP file.
certificates[].
challenges[].
httpChallenge.
content		 string

Content of the HTTP file.
certificates[].
deletionProtection		 boolean (boolean)

Flag that protects deletion of the certificate
certificates[].
incompleteChain		 boolean (boolean)

Mark imported certificates without uploaded chain or with chain which not lead to root certificate
nextPageToken string

This token allows you to get the next page of results for list requests. If the number of results is greater than the specified pageSize, use the next_page_token as the value for the pageToken query parameter in the next list request. Each subsequent list request will have its own nextPageToken to continue paging through the results.
© 2023 Nebius Israel Ltd
In this article: