All Products
Search
Document Center

Certificate Management Service:DescribeCertificateState

Last Updated:Jun 10, 2026

Mengkueri status pesanan aplikasi sertifikat, seperti progres validasi domain.

Deskripsi operasi

If you have not completed domain ownership validation after submitting a certificate request, you can call this operation to obtain the information required to complete domain validation. Using the returned domain validation information, you can complete domain validation on the DNS management platform (DNS validation method) or on the domain server (file validation method).

Your certificate request will enter the CA center review stage only after you complete domain validation. After the CA center approves your certificate request, a certificate will be issued to you. If the certificate has been issued, you can call this operation to obtain the issued certificate file and private key content.

Coba sekarang

Coba API ini di OpenAPI Explorer tanpa perlu penandatanganan manual. Panggilan yang berhasil akan secara otomatis menghasilkan contoh kode SDK sesuai dengan parameter Anda. Unduh kode tersebut dengan kredensial bawaan yang aman untuk penggunaan lokal.

Test

RAM authorization

Tabel berikut menjelaskan otorisasi yang diperlukan untuk memanggil API ini. Anda dapat menentukannya dalam kebijakan Resource Access Management (RAM). Kolom pada tabel dijelaskan sebagai berikut:

  • Action: Aksi yang dapat digunakan dalam elemen Action pada pernyataan kebijakan izin RAM untuk memberikan izin guna melakukan operasi tersebut.

  • API: API yang dapat Anda panggil untuk melakukan aksi tersebut.

  • Access level: Tingkat akses yang telah ditentukan untuk setiap API. Nilai yang valid: create, list, get, update, dan delete.

  • Resource type: Jenis resource yang mendukung otorisasi untuk melakukan aksi tersebut. Ini menunjukkan apakah aksi tersebut mendukung izin tingkat resource. Resource yang ditentukan harus kompatibel dengan aksi tersebut. Jika tidak, kebijakan tersebut tidak akan berlaku.

    • Untuk API dengan izin tingkat resource, jenis resource yang diperlukan ditandai dengan tanda bintang (*). Tentukan Nama Sumber Daya Alibaba Cloud (ARN) yang sesuai dalam elemen Resource pada kebijakan.

    • Untuk API tanpa izin tingkat resource, ditampilkan sebagai All Resources. Gunakan tanda bintang (*) dalam elemen Resource pada kebijakan.

  • Condition key: Kunci kondisi yang didefinisikan oleh layanan. Kunci ini memungkinkan kontrol granular, berlaku baik hanya untuk aksi maupun untuk aksi yang terkait dengan resource tertentu. Selain kunci kondisi spesifik layanan, Alibaba Cloud menyediakan serangkaian common condition keys yang berlaku di semua layanan yang didukung RAM.

  • Dependent action: Aksi dependen yang diperlukan untuk menjalankan aksi tersebut. Untuk menyelesaikan aksi tersebut, pengguna RAM atau role RAM harus memiliki izin untuk melakukan semua aksi dependen.

Action

Access level

Resource type

Condition key

Dependent action

yundun-cert:DescribeCertificateState

get

*All Resource

*

None None

Parameter permintaan

Parameter

Type

Required

Description

Example

OrderId

integer

Yes

ID pesanan permintaan sertifikat yang akan dikueri.

Catatan

Anda dapat memanggil ListUserCertificateOrder untuk memperoleh ID ini.

123451222

Saat Anda memanggil operasi API, selain parameter permintaan khusus untuk operasi tersebut, Anda juga harus menyertakan parameter permintaan umum Alibaba Cloud.

Untuk format permintaan saat memanggil operasi API, lihat contoh permintaan di bagian Examples pada topik ini.

Elemen respons

Element

Type

Description

Example

object

The object.

Type

string

The status of the certificate request order. Valid values:

  • domain_verify: Pending validation, which indicates that you have not completed domain validation after submitting the certificate request.

    Catatan

    After you submit a certificate request, you must manually complete domain ownership validation before the certificate request can enter the review stage. If you have not completed domain validation, you can refer to the response parameters of this operation to complete domain validation.

  • process: Under review, which indicates that the certificate request is being reviewed by the CA center.

  • verify_fail: Review failed, which indicates that the certificate request failed the review.

    Catatan

    The review may fail because the certificate request information you submitted is incorrect. We recommend that you call DeleteCertificateRequest to delete the order that failed the review (deleted orders do not consume certificate resource plan quota) and submit a new certificate request.

  • certificate: Issued, which indicates that the certificate has been issued.

  • payed: Pending request, which indicates that the certificate is pending request.

  • unknow: Unknown status.

domain_verify

Domain

string

The domain name to be validated when you use the file validation method for domain validation. You need to connect to the server corresponding to this domain name and create the specified file (i.e., Uri) on the server.

Catatan

This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to FILE (indicating the file validation method).

www.example.com

RecordType

string

The type of DNS record that you need to add when you use the DNS validation method for domain validation. Valid values:

  • TXT: text record.

  • CNAME: alias record.

Catatan

This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to DNS (indicating the DNS validation method).

TXT

CertId

string

The certificate ID.

Catatan

This parameter is returned when the certificate is issued.

111111

RequestId

string

The ID of the request.

082FAB35-6AB9-4FD5-8750-D36673548E76

RecordDomain

string

The host record that you need to operate when you use the DNS validation method for domain validation.

Catatan

This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to DNS (indicating the DNS validation method).

_dnsauth

PrivateKey

string

The content of the certificate private key (in PEM format). For more information about the PEM format and how to convert the format of a certificate, see What are the formats of mainstream digital certificates?.

Catatan

This parameter is returned only when Type is set to certificate (indicating that the certificate has been issued).

-----BEGIN RSA PRIVATE KEY-----…… -----END RSA PRIVATE KEY-----

ValidateType

string

The domain validation method selected when submitting the certificate request. Valid values:

  • DNS: DNS validation. This method validates domain ownership by adding the specified DNS record to the domain on the DNS management platform.

  • FILE: file validation. This method validates domain ownership by creating the specified file on the domain server.

Catatan

This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage).

FILE

RecordValue

string

The record value that you need to add when you use the DNS validation method for domain validation.

Catatan

This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to DNS (indicating the DNS validation method).

20200420000000223erigacv46uhaubchcm0o7spxi7i2isvjq59mlx9lucnkqcy

Content

string

The content that you need to write to the newly created file when you use the file validation method for domain validation.

Catatan

This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to FILE (indicating the file validation method).

http://example.com/.well-known/pki-validation/fileauth.txt

Uri

string

The file that you need to create on the domain server when you use the file validation method for domain validation. Uri includes the file path and name.

Catatan

This parameter is returned only when Type is set to domain_verify (indicating the domain validation stage) and ValidateType is set to FILE (indicating the file validation method).

/.well-known/pki-validation/fileauth.txt

Certificate

string

The certificate content (in PEM format). For more information about the PEM format and how to convert the format of a certificate, see What are the formats of mainstream digital certificates?.

Catatan

This parameter is returned only when Type is set to certificate (indicating that the certificate has been issued).

-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----

Contoh

Respons sukses

JSONformat

{
  "Type": "domain_verify",
  "Domain": "www.example.com",
  "RecordType": "TXT",
  "CertId": "111111",
  "RequestId": "082FAB35-6AB9-4FD5-8750-D36673548E76",
  "RecordDomain": "_dnsauth",
  "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----…… -----END RSA PRIVATE KEY-----",
  "ValidateType": "FILE",
  "RecordValue": "20200420000000223erigacv46uhaubchcm0o7spxi7i2isvjq59mlx9lucnkqcy",
  "Content": "http://example.com/.well-known/pki-validation/fileauth.txt",
  "Uri": "/.well-known/pki-validation/fileauth.txt",
  "Certificate": "-----BEGIN CERTIFICATE----- …… -----END CERTIFICATE-----"
}

Kode kesalahan

Lihat Error Codes untuk daftar lengkap.

Catatan rilis

Lihat Release Notes untuk daftar lengkap.