
Certificate Management Service: DescribeCertificateState

Last Updated: Jul 23, 2025

Queries the status of a specified certificate request order.

Operation description

If you have not completed domain ownership validation after submitting a certificate request, you can call this operation to obtain the information required to complete domain validation. Using the returned domain validation information, you can complete domain validation on the DNS management platform (DNS validation method) or on the domain server (file validation method).

Your certificate request will enter the CA center review stage only after you complete domain validation. After the CA center approves your certificate request, a certificate will be issued to you. If the certificate has been issued, you can call this operation to obtain the issued certificate file and private key content.


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of resource that supports authorization to perform the action. It indicates whether the action supports resource-level permissions. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-cert:DescribeCertificateState | get | *All Resource * | None | None |

Request parameters

OrderId (integer, required)

The ID of the certificate request order to query.

Note: You can call ListUserCertificateOrder to obtain this ID.

Example: 123451222

When you call an API operation, in addition to the request parameters specific to the operation, you must also include Alibaba Cloud common request parameters.

For the request format when calling an API operation, see the request examples in the Examples section of this topic.

Response parameters

The response is an object with the following parameters.

Type (string)

The status of the certificate request order. Valid values:

  • domain_verify: Pending validation, which indicates that you have not completed domain validation after submitting the certificate request.

    Note: After you submit a certificate request, you must manually complete domain ownership validation before the certificate request can enter the review stage. If you have not completed domain validation, you can refer to the response parameters of this operation to complete domain validation.

  • process: Under review, which indicates that the certificate request is being reviewed by the CA center.

  • verify_fail: Review failed, which indicates that the certificate request failed the review.

    Note: The review may fail because the certificate request information you submitted is incorrect. We recommend that you call DeleteCertificateRequest to delete the order that failed the review (deleted orders do not consume certificate resource plan quota) and submit a new certificate request.

  • certificate: Issued, which indicates that the certificate has been issued.

  • payed: Pending request, which indicates that the certificate is pending request.

  • unknow: Unknown status.

Example: domain_verify

Domain (string)

The domain name to be validated when you use the file validation method for domain validation. You need to connect to the server corresponding to this domain name and create the specified file (i.e., Uri) on the server.

Note: This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to FILE (indicating the file validation method).

Example: www.example.com

RecordType (string)

The type of DNS record that you need to add when you use the DNS validation method for domain validation. Valid values:

  • TXT: text record.

  • CNAME: alias record.

Note: This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to DNS (indicating the DNS validation method).

Example: TXT

CertId (string)

The certificate ID.

Note: This parameter is returned when the certificate is issued.

Example: 111111

RequestId (string)

The ID of the request.

Example: 082FAB35-6AB9-4FD5-8750-D36673548E76

RecordDomain (string)

The host record that you need to operate when you use the DNS validation method for domain validation.

Note: This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to DNS (indicating the DNS validation method).

Example: _dnsauth

PrivateKey (string)

The content of the certificate private key (in PEM format). For more information about the PEM format and how to convert the format of a certificate, see What are the formats of mainstream digital certificates?.

Note: This parameter is returned only when Type is set to certificate (indicating that the certificate has been issued).

Example: -----BEGIN RSA PRIVATE KEY----- …… -----END RSA PRIVATE KEY-----

ValidateType (string)

The domain validation method selected when submitting the certificate request. Valid values:

  • DNS: DNS validation. This method validates domain ownership by adding the specified DNS record to the domain on the DNS management platform.

  • FILE: file validation. This method validates domain ownership by creating the specified file on the domain server.

Note: This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage).

Example: FILE

RecordValue (string)

The record value that you need to add when you use the DNS validation method for domain validation.

Note: This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to DNS (indicating the DNS validation method).

Example: 20200420000000223erigacv46uhaubchcm0o7spxi7i2isvjq59mlx9lucnkqcy

Content (string)

The content that you need to write to the newly created file when you use the file validation method for domain validation.

Note: This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to FILE (indicating the file validation method).

Example: http://example.com/.well-known/pki-validation/fileauth.txt

Uri (string)

The file that you need to create on the domain server when you use the file validation method for domain validation. Uri includes the file path and name.

Note: This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to FILE (indicating the file validation method).

Example: /.well-known/pki-validation/fileauth.txt

Certificate (string)

The certificate content (in PEM format). For more information about the PEM format and how to convert the format of a certificate, see What are the formats of mainstream digital certificates?.

Note: This parameter is returned only when Type is set to certificate (indicating that the certificate has been issued).

Example: -----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----

Examples

Success response

JSON format

{
  "Type": "domain_verify",
  "Domain": "www.example.com",
  "RecordType": "TXT",
  "CertId": "111111",
  "RequestId": "082FAB35-6AB9-4FD5-8750-D36673548E76",
  "RecordDomain": "_dnsauth",
  "PrivateKey": "-----BEGIN RSA PRIVATE KEY----- …… -----END RSA PRIVATE KEY-----",
  "ValidateType": "FILE",
  "RecordValue": "20200420000000223erigacv46uhaubchcm0o7spxi7i2isvjq59mlx9lucnkqcy",
  "Content": "http://example.com/.well-known/pki-validation/fileauth.txt",
  "Uri": "/.well-known/pki-validation/fileauth.txt",
  "Certificate": "-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----"
}
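
The state handling this reference describes, as an added example (not Alibaba Cloud's code or SDK): it takes an already-parsed DescribeCertificateState response, selects the next step from Type and ValidateType only, keeps the validation file inside the web root, and writes PrivateKey with owner-only permissions, since the response carries the key once Type is certificate. The function names, the web-root argument and the sample token are assumptions constructed for illustration.

```python
import os
from pathlib import Path

# Constructed sample, shaped like the success response on this page.
SAMPLE = {
    "Type": "domain_verify",
    "ValidateType": "FILE",
    "Domain": "www.example.com",
    "Uri": "/.well-known/pki-validation/fileauth.txt",
    "Content": "constructed-validation-token",
    "RecordType": "TXT",  # DNS-only field, ignored for FILE validation
}

def plan(resp: dict) -> dict:
    """Map a DescribeCertificateState response to the next action."""
    state = resp.get("Type")
    if state == "domain_verify":
        if resp.get("ValidateType") == "DNS":
            return {"action": "add_dns_record",
                    "type": resp["RecordType"],
                    "host": resp["RecordDomain"],
                    "value": resp["RecordValue"]}
        if resp.get("ValidateType") == "FILE":
            return {"action": "create_file", "domain": resp["Domain"],
                    "uri": resp["Uri"], "content": resp["Content"]}
        raise ValueError("unexpected ValidateType")
    if state == "certificate":
        return {"action": "store_certificate", "cert_id": resp.get("CertId")}
    if state in ("process", "verify_fail", "payed", "unknow"):
        return {"action": "none", "state": state}
    raise ValueError("unexpected Type")

def write_challenge(webroot: Path, uri: str, content: str) -> Path:
    """Create the validation file, refusing paths that escape the webroot."""
    root = webroot.resolve()
    target = (root / uri.lstrip("/")).resolve()
    if root not in target.parents:
        raise ValueError("Uri escapes webroot")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target

def store_key(path: Path, private_key_pem: str) -> None:
    """Write PrivateKey with owner-only permissions; never log its value."""
    # O_EXCL refuses to overwrite or follow a pre-existing file at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(private_key_pem)
```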

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.