Errors return both an HTTP status code and an error message. Errors caused by the client return a 4xx Client Error status code. Errors caused by the API service return a 5xx Server Error status code.
{
"errors": [
{
"code": "<error_code>",
"message": "<error_message>"
}
]
}| Name | Type | Description |
|---|---|---|
| errors | array | List of errors from the request. |
| .. code | string | Error code identifying a specific error. |
| .. message | string | Description of the error. |
| Status | Code | Description |
|---|---|---|
| 429 | request_limit_exceeded |
Service unavailable, please limit request volume. See Rate limits |
| 404 | not_found | Generic 404 message. Make sure the endpoint URL is properly constructed. |
| 404 | not_found|product |
The specified product was not found. Make sure you are using the correct product identifier. See Glossary – Product identifiers |
| 404 | not_found|route | The endpoint does not exist. Make sure the endpoint URL you are using is correct. |
| 403 | access_denied|missing_permission |
The API key you are using does not have permission to carry out the request. Send a GET request to the /user/me endpoint and find the access_roles.name value to identify the key's authorization level.
|
| 400 | ambiguous_product |
The product.type_hint value could not be used to determine a product.See Submit order – Request parameters table |
| 400 | auth_key_exists_for_account | An AuthKey has already been created for your account. |
| 400 | bad_request_format | The request body is malformed. Make sure the request body uses valid JSON or XML. |
| 400 | cert_transparency_turned_off_for_account | CT logging has been disabled for your CertCentral account. An administrator must enable this feature. |
| 400 | csr_invalid_cannot_parse |
The CSR is not in the correct format, is missing required fields, or contains fields with invalid characters. See Create a CSR |
| 400 | csr_not_allowed |
The specified product does not use a CSR. See Glossary – CSR requirements |
| 400 | ct_logging_disabled | CT logging has been disabled for your CertCentral account. An administrator must enable this feature. |
| 400 | custom_expiration_not_allowed | Allowed validity periods are configured for the product type. Remove the restrictions to allow custom expiration dates. |
| 400 | disabled_domain |
The submitted domain is deactivated. You must activate the domain before you can submit it. See Activate domain |
| 400 | domain_not_allowed | Domain restrictions are configured for the specified container. |
| 400 | email_domain_not_validated | Email must have a validated domain. |
| 400 | email_not_valid_email_format | The submitted email address is not valid. Make sure the submitted email address follows standard email address conventions. |
| 400 | inactive_organization |
The submitted organization is deactivated. Activate the organization or specify a different organization. See Activate organization |
| 400 | internal_names_not_allowed |
Internal names are not allowed. See SSL Certificates for Internal Server Names |
| 400 | invalid_ca_cert_id | The specified Certificate Authority is not valid. |
| 400 | invalid_chars:<param.name> | The specified parameter contains invalid characters. Refer to the endpoint's Response parameters table for valid input characters. |
| 400 | invalid_common_name_on_duplicate | The common name on duplicate requests must match what was on the original order. Refer to the original order for the correct common name. |
| 400 | invalid_dns_method | The DCV method for the order is set to email. |
| 400 | invalid_dns_name_on_duplicate | The DNS name on duplicate requests must match what was on the original order. Refer to the original order for the correct DNS name. |
| 400 | invalid_payment_method | The specified payment method is not enabled. To use the specified payment request, you must enable it in your account. |
| 400 | invalid_value:<param.name> | The specified parameter contains an invalid value. Refer to the endpoint's Response parameters table for valid input values. |
| 400 | missing_ca_cert_id | The certificate authority ID is required for this request. Specify the certificate authority to issue the certificate from and resend your request. |
| 400 | missing_dns_name_on_duplicate | The DNS name is missing from the request. DNS names cannot be removed on duplicate orders. Resend the request with the DNS name included. |
| 400 | missing_request_data | No body was sent with the request. Refer to the endpoint's documentation for request requirements.. |
| 400 | missing_required_custom_field |
The request body is missing a required custom field. To get a list of custom order field metadata for your account, see List custom fields. |
| 400 | no_private_ca_enabled | No private certificate authorities are enabled for the account. |
| 400 | not_allowed_to_change_ct_setting_per_order | The per certificate order feature has not been activated for your CertCentral account. An administrator must enable this feature. |
| 400 | order_not_eligible_for_duplicate | Duplicates are not allowed for the specified order. |
| 400 | other_domain_on_wildcard | All SANs on a wildcard certificate must have the same common name. Either change the SANs to use the same common name or order a multi-domain certificate. |
| 400 | pending_reissue | A previous reissue request is still pending for the order. You must reject or approve and issue the pending request before a new reissue request can be placed. |
| 400 | product_name_limit_exceeded | You have exceeded the number of names allowed on this product. |
| 400 | product_not_allowed | This product is not allowed. |
| 400 | protected_domain | One or more domains listed on this certificate request are protected by the domain owner. Modify the domains and resubmit the request. |
| 400 |
required_param: |
The specified parameter is required. Refer to the endpoint's Response parameters table to identify required and optional parameters. |
| 400 | rfc5280_common_name_invalid | The submitted common name does not conform to industry standards. |
| 400 | rfc5280_common_name_too_long | Common name must be less than 64 characters in order to be compliant with industry standards. |
| 400 | rfc5280_org_unit_too_long | Organization units must be less than 64 characters in order to be compliant with industry standards. |
| 400 | rfc5280_org_name_too_long | Organization name total length (including Assumed Name for EV certificates) must be less than 64 characters in order to be compliant with industry standards. |
| 400 | rfc5280_address_field_too_long | Address fields must be less than 64 characters in order to be compliant with industry standards. |
| 400 | rfc5280_org_unit_invalid | The org unit field contains an invalid value according to industry standards. |
| 400 | rfc5280_org_invalid | One or more fields on the organization contains invalid values according to industry standards. |
| 400 | username_unavailable | The specified username is not available. |