Errors

Errors return both an HTTP status code and an error message. Errors caused by the client return a 4xx Client Error status code. Errors caused by the API service return a 5xx Server Error status code.

Example error response

json
{
  "errors": [
    {
      "code": "<error_code>",
      "message": "<error_message>"
    }
  ]
}

Response parameters

Name Type Description
errors array List of errors from the request.
.. code string Error code identifying a specific error.
.. message string Description of the error.

4xx Client Error codes

Status Code Description
429 request_limit_exceeded Service unavailable, please limit request volume.
See Rate limits
404 not_found Generic 404 message. Make sure the endpoint URL is properly constructed.
404 not_found|product The specified product was not found. Make sure you are using the correct product identifier.
See Glossary – Product identifiers
404 not_found|route The endpoint does not exist. Make sure the endpoint URL you are using is correct.
403 access_denied|missing_permission The API key you are using does not have permission to carry out the request. Send a GET request to the /user/me endpoint and find the access_roles.name value to identify the key's authorization level.
400 ambiguous_product The product.type_hint value could not be used to determine a product.
See Submit order – Request parameters table
400 auth_key_exists_for_account An AuthKey has already been created for your account.
400 bad_request_format The request body is malformed. Make sure the request body uses valid JSON or XML.
400 cert_transparency_turned_off_for_account CT logging has been disabled for your CertCentral account. An administrator must enable this feature.
400 csr_invalid_cannot_parse The CSR is not in the correct format, is missing required fields, or contains fields with invalid characters.
See Create a CSR
400 csr_not_allowed The specified product does not use a CSR.
See Glossary – CSR requirements
400 ct_logging_disabled CT logging has been disabled for your CertCentral account. An administrator must enable this feature.
400 custom_expiration_not_allowed Allowed validity periods are configured for the product type. Remove the restrictions to allow custom expiration dates.
400 disabled_domain The submitted domain is deactivated. You must activate the domain before you can submit it.
See Activate domain
400 domain_not_allowed Domain restrictions are configured for the specified container.
400 email_domain_not_validated Email must have a validated domain.
400 email_not_valid_email_format The submitted email address is not valid. Make sure the submitted email address follows standard email address conventions.
400 inactive_organization The submitted organization is deactivated. Activate the organization or specify a different organization.
See Activate organization
400 internal_names_not_allowed Internal names are not allowed.
See SSL Certificates for Internal Server Names
400 invalid_ca_cert_id The specified Certificate Authority is not valid.
400 invalid_chars:<param.name> The specified parameter contains invalid characters. Refere to the endpoint's Response parameters table for valid input characters.
400 invalid_common_name_on_duplicate The common name on duplicate requests must match what was on the original order. Refer to the original order for the correct common name.
400 invalid_dns_method The DCV method for the order is set to email.
400 invalid_dns_name_on_duplicate The DNS name on duplicate requests must match what was on the original order. Refer to the original order for the correct DNS name.
400 invalid_payment_method The specified payment method is not enabled. To use the specified payment request, you must enable it in your account.
400 invalid_value:<param.name> The specified parameter contains an invalid value. Refere to the endpoint's Response parameters table for valid input values.
400 missing_ca_cert_id The certificate authority ID is required for this request. Specify the certificate authority to issue the certificate from and resend your request.
400 missing_dns_name_on_duplicate The DNS name is missing from the request. DNS names cannot be removed on duplicate orders. Resend the request with the DNS name included.
400 missing_request_data No body was sent with the request. Refer to the endpoint's documentation for request requirements..
400 missing_required_custom_field The request body is missing a required custom field.
To get a list of custom order field metadata for your account, see List custom fields.
400 no_private_ca_enabled No private certificate authorities are enabled for the account.
400 not_allowed_to_change_ct_setting_per_order The per certificate order feature has not been activated for your CertCentral account. An administrator must enable this feature.
400 order_not_eligible_for_duplicate Duplicates are not allowed for the specified order.
400 other_domain_on_wildcard All SANs on a wildcard certificate must have the same common name. Either change the SANs to use the same common name or order a multi-domain certificate.
400 pending_reissue A previous reissue request is still pending for the order. You must reject or approve and issue the pending request before a new reissue request can be placed.
400 product_name_limit_exceeded You have exceeded the number of names allowed on this product.
400 product_not_allowed This product is not allowed.
400 protected_domain One or more domains listed on this certificate request are protected by the domain owner. Modify the domains and resubmit the request.
400 required_param: The specified parameter is required. Refer to the endpoint's Response parameters table to identify required and optional parameters.
400 rfc5280_common_name_invalid The submitted common name does not conform to industry standards.
400 rfc5280_common_name_too_long Common name must be less than 64 characters in order to be compliant with industry standards.
400 rfc5280_org_unit_too_long Organization units must be less than 64 characters in order to be compliant with industry standards.
400 rfc5280_org_name_too_long Organization name total length (including Assumed Name for EV certificates) must be less than 64 characters in order to be compliant with industry standards.
400 rfc5280_address_field_too_long Address fields must be less than 64 characters in order to be compliant with industry standards.
400 rfc5280_org_unit_invalid The org unit field contains an invalid value according to industry standards.
400 rfc5280_org_invalid One or more fields on the organization contains invalid values according to industry standards.
400 username_unavailable The specified username is not available.