Errors

Errors return both an HTTP status code and an error message. Errors caused by the client return a 4xx Client Error status code. Errors caused by the API service return a 5xx Server Error status code.

Example error response

json
{
  "errors": [
    {
      "code": "<error_code>",
      "message": "<error_message>"
    }
  ]
}

Response parameters

Name Type Description
errors array List of errors from the request.
.. code string Error code identifying a specific error.
.. message string Description of the error.

4xx Client Error codes

Status Code Description
429 request_limit_exceeded Service unavailable, please limit request volume.
See Rate limits
404 not_found Generic 404 message. Make sure the endpoint URL is properly constructed.
404 not_found|order The specified order was not found.
Make sure:
  • The SSL/TLS certificate order ID is correct.
  • The SSL/TLS certificate has been migrated to your CertCentral account.
For more information, see What you need to know about domain and certificate migration.
404 not_found|product The specified product was not found. Make sure you are using the correct product identifier.
See Glossary – Product identifiers
404 not_found|route The endpoint does not exist. Make sure the endpoint URL you are using is correct.
403 access_denied|missing_permission The API key you are using does not have permission to carry out the request. Send a GET request to the /user/me endpoint and find the access_roles.name value to identify the key's authorization level.
400 ambiguous_product The product.type_hint value could not be used to determine a product.
See Submit order – Request parameters table
400 auth_key_exists_for_account An AuthKey has already been created for your account.
400 bad_request_format The request body is malformed. Make sure the request body uses valid JSON or XML.
400 caa_check_failed|variable CAA check failed. Make sure the CAA resource records for the domain are configured correctly.
For more information, see DNS CAA resource record checks.
400 caa_not_found|variable CAA check failed. Make sure the CAA resource records for the domain are configured correctly.
For more information, see DNS CAA resource record checks.
400 cert_transparency_turned_off_for_account CT logging has been disabled for your CertCentral account. An administrator must enable this feature.
400 cert_validity_exceeds_order_validity The validity period of the certificate cannot exceed the validity period of the order.
400 csr_invalid_cannot_parse The CSR is not in the correct format, is missing required fields, or contains fields with invalid characters.
See Create a CSR
400 csr_not_allowed The specified product does not use a CSR.
See Glossary – CSR requirements
400 ct_logging_disabled CT logging has been disabled for your CertCentral account. An administrator must enable this feature.
400 custom_expiration_not_allowed Allowed validity periods are configured for the product type. Remove the restrictions to allow custom expiration dates.
400 disabled_domain The submitted domain is deactivated. You must activate the domain before you can submit it.
See Activate domain
400 dns_entry_missing|variable Expected value not found on the DNS TXT record for the domain. Make sure the request token for the DNS TXT record is valid.
400 dns_internal_error|variable Unable to process request. Please try again.
400 dns_invalid_domain|variable The domain is invalid. Make sure the domain string is correct.
400 dns_invalid_entry|variable Invalid DNS TXT record. Make sure the DNS TXT record exists and has a valid request token.
For more information about generating a request token for immediate DV certificate issuance, see DV certificate immediate issuance - How to generate your request token.
400 dns_lookup_timeout_caa|variable CAA check failed. Make sure the CAA resource records for the domain are configured correctly.
For more information, see DNS CAA resource record checks.
400 dns_mismatch|variable No DNS TXT record found for the domain. Make sure a valid DNS TXT record exists for the domain.
400 domain_not_allowed Domain restrictions are configured for the specified container.
400 email_domain_not_validated Email must have a validated domain.
400 email_not_valid_email_format The submitted email address is not valid. Make sure the submitted email address follows standard email address conventions.
400 file_incorrect_content|variable Expected content not found in the fileauth.txt file for the domain. Make sure the content of the fileauth.txt file is formatted correctly.
For more information about hosting the fileauth.txt file for immediate DV certificate issuance, see DV Certificate Immediate Issuance – File Auth.
400 file_invalid_format|variable The fileauth.txt file for the domain is not formatted correctly. Check that you are using the correct file format and request token.
For more information about hosting the fileauth.txt file for immediate DV certificate issuance, see DV Certificate Immediate Issuance – File Auth.
400 file_not_found|variable Could not find a fileauth.txt file for the domain. Make sure a valid filauth.txt file is hosted in the right location, and check that the domain string is correct.
For more information about hosting the fileauth.txt file for immediate DV certificate issuance, see DV Certificate Immediate Issuance – File Auth.
400 file_outdated_content|variable The timestamp in the request token is invalid. Make sure you have formatted the timestamp and request token correctly, and check that the timestamp has not expired.
For more information about creating timestamps and generating request tokens for immediate DV certificate issuance, see DV certificate immediate issuance.
400 file_random_value_not_found Unable to find the random value at the expected file location for the domain.
Make sure:
  • .txt file name is fileauth.txt.
  • fileauth.txt file was placed under .well-known/pki-validation/
    Example URL: http://[yourdomain]/.well-known/pki-validation/fileauth.txt
  • Random value in the fileauth.txt file matches the DigiCert provide random value.
For more information:
400 file_server_not_reachable|variable Could not reach the server for the domain. Make sure the domain string is correct, and check that your server is configured correctly.
400 inactive_organization The submitted organization is deactivated. Activate the organization or specify a different organization.
See Activate organization
400 internal_data_check_failed|variable Unable to process request. Please try again.
400 internal_names_not_allowed
400 invalid_caa_entry|variable CAA check failed. Make sure the CAA resource records for the domain are configured correctly.
For more information, see DNS CAA resource record checks.
400 invalid_ca_cert_id The specified Certificate Authority is not valid.
400 invalid_chars:<param.name> The specified parameter contains invalid characters. Refer to the endpoint's Response parameters table for valid input characters.
400 invalid_common_name_on_duplicate The common name on duplicate requests must match what was on the original order. Refer to the original order for the correct common name.
400 invalid_dns_cname Unable to find a valid DNS CNAME record for the domain.
Make sure:
  • DNS CNAME record changes are live.
  • Random value in the CNAME record matches the DigiCert provided random value.
  • Target host field (or equivalent) is set to dcv.digicert.com.
For more information, see Use DNS CNAME record to demonstrate control over the domain.
400 invalid_dns_method The DCV method for the order is set to email.
400 invalid_dns_name_on_duplicate The DNS name on duplicate requests must match what was on the original order. Refer to the original order for the correct DNS name.
400 invalid_dns_txt Unable to find a valid DNS TXT record for the domain.
Make sure:
  • DNS TXT record changes are live.
  • Random value in the TXT record matches the DigiCert provided random value.
For more information, see Use DNS TXT record to demonstrate control over the domain
400 invalid_payment_method The specified payment method is not enabled. To use the specified payment request, you must enable it in your account.
400 invalid_value:<param.name> The specified parameter contains an invalid value. Refer to the endpoint's Response parameters table for valid input values.
400 missing_ca_cert_id The certificate authority ID is required for this request. Specify the certificate authority to issue the certificate from and resend your request.
400 missing_dns_name_on_duplicate The DNS name is missing from the request. DNS names cannot be removed on duplicate orders. Resend the request with the DNS name included.
400 missing_request_data No body was sent with the request. Refer to the endpoint's documentation for request requirements.
400 missing_required_custom_field The request body is missing a required custom field.
To get a list of custom order field metadata for your account, see List custom fields.
400 no_private_ca_enabled No private certificate authorities are enabled for the account.
400 not_allowed_to_change_ct_setting_per_order The per certificate order feature has not been activated for your CertCentral account. An administrator must enable this feature.
400 note_contains_private_key Never share private keys with any third party, including DigiCert. Remove the private key and try again.
400 order_not_eligible_for_duplicate Duplicates are not allowed for the specified order.
400 other_domain_on_wildcard All SANs on a wildcard certificate must have the same common name. Either change the SANs to use the same common name or order a multi-domain certificate.
400 pending_reissue A previous reissue request is still pending for the order. You must reject or approve and issue the pending request before a new reissue request can be placed.
400 product_name_limit_exceeded You have exceeded the number of names allowed on this product.
400 product_not_allowed This product is not allowed.
400 protected_domain One or more domains listed on this certificate request are protected by the domain owner. Modify the domains and resubmit the request.
400 required_param: The specified parameter is required. Refer to the endpoint's Response parameters table to identify required and optional parameters.
400 rfc5280_common_name_invalid The submitted common name does not conform to industry standards.
400 rfc5280_common_name_too_long Common name must be less than 64 characters in order to be compliant with industry standards.
400 rfc5280_org_unit_too_long Organization units must be less than 64 characters in order to be compliant with industry standards.
400 rfc5280_org_name_too_long Organization name total length (including Assumed Name for EV certificates) must be less than 64 characters in order to be compliant with industry standards.
400 rfc5280_address_field_too_long Address fields must be less than 64 characters in order to be compliant with industry standards.
400 rfc5280_org_unit_invalid The org unit field contains an invalid value according to industry standards.
400 rfc5280_org_invalid One or more fields on the organization contains invalid values according to industry standards.
400 va_not_eligible_order The request failed for one of the following reasons:
  • The certificate hasn’t been issued yet.
  • The certificate is pending, revoked, or expired.
  • The order is not available to your account.
400 va_not_eligible_product The request failed because the product does not support vulnerability assessments.
For a list of products that support vulnerability assessments, see Vulnerability assessments – Supported products.
400 va_order_not_found No data found for the submitted request. Make sure you are using the correct order ID, then try again.
400 va_order_already_enabled Vulnerability assessments are already enabled for the order.
400 va_order_not_enabled Vulnerability assessments are not enabled for the order. Make sure you are using the correct order ID and that vulnerability assessments are enabled, then try again.
400 va_domain_not_found The domain in the request is not included on the specified order. Make sure you are using the correct domain and order ID, then try again.
400 va_email_recipient_not_found No email recipient found on the order.
400 va_bad_request The request is not formatted correctly. Make sure the filter parameters and URL query strings in your request are formatted correctly, then try again.
400 username_unavailable The specified username is not available.