Errors return both an HTTP status code and an error message. Errors caused by the client return a 4xx Client Error status code. Errors caused by the API service return a 5xx Server Error status code.
{
"errors": [
{
"code": "<error_code>",
"message": "<error_message>"
}
]
}| Name | Type | Description |
|---|---|---|
| errors | array | List of errors from the request. |
| .. code | string | Error code identifying a specific error. |
| .. message | string | Description of the error. |
| Status | Code | Description |
|---|---|---|
| 429 | request_limit_exceeded |
Service unavailable, please limit request volume. See Rate limits |
| 404 | not_found | Generic 404 message. Make sure the endpoint URL is properly constructed. |
| 404 | not_found|order |
The specified order was not found. Make sure:
|
| 404 | not_found|product |
The specified product was not found. Make sure you are using the correct product identifier. See Glossary – Product identifiers |
| 404 | not_found|route | The endpoint does not exist. Make sure the endpoint URL you are using is correct. |
| 403 | access_denied|missing_permission |
The API key you are using does not have permission to carry out the request. Send a GET request to the /user/me endpoint and find the access_roles.name value to identify the key's authorization level.
|
| 400 | ambiguous_product |
The product.type_hint value could not be used to determine a product.See Submit order – Request parameters table |
| 400 | auth_key_exists_for_account | An AuthKey has already been created for your account. |
| 400 | bad_request_format | The request body is malformed. Make sure the request body uses valid JSON or XML. |
| 400 | caa_check_failed|variable |
CAA check failed. Make sure the CAA resource records for the domain are configured correctly. For more information, see DNS CAA resource record checks. |
| 400 | caa_not_found|variable |
CAA check failed. Make sure the CAA resource records for the domain are configured correctly. For more information, see DNS CAA resource record checks. |
| 400 | cert_transparency_turned_off_for_account | CT logging has been disabled for your CertCentral account. An administrator must enable this feature. |
| 400 | cert_validity_exceeds_order_validity | The validity period of the certificate cannot exceed the validity period of the order. |
| 400 | csr_invalid_cannot_parse |
The CSR is not in the correct format, is missing required fields, or contains fields with invalid characters. See Create a CSR |
| 400 | csr_not_allowed |
The specified product does not use a CSR. See Glossary – CSR requirements |
| 400 | ct_logging_disabled | CT logging has been disabled for your CertCentral account. An administrator must enable this feature. |
| 400 | custom_expiration_not_allowed | Allowed validity periods are configured for the product type. Remove the restrictions to allow custom expiration dates. |
| 400 | disabled_domain |
The submitted domain is deactivated. You must activate the domain before you can submit it. See Activate domain |
| 400 | dns_entry_missing|variable | Expected value not found on the DNS TXT record for the domain. Make sure the request token for the DNS TXT record is valid. |
| 400 | dns_internal_error|variable | Unable to process request. Please try again. |
| 400 | dns_invalid_domain|variable | The domain is invalid. Make sure the domain string is correct. |
| 400 | dns_invalid_entry|variable |
Invalid DNS TXT record. Make sure the DNS TXT record exists and has a valid request token. For more information about generating a request token for immediate DV certificate issuance, see DV certificate immediate issuance - How to generate your request token. |
| 400 | dns_lookup_timeout_caa|variable |
CAA check failed. Make sure the CAA resource records for the domain are configured correctly. For more information, see DNS CAA resource record checks. |
| 400 | dns_mismatch|variable | No DNS TXT record found for the domain. Make sure a valid DNS TXT record exists for the domain. |
| 400 | domain_not_allowed | Domain restrictions are configured for the specified container. |
| 400 | domains_not_prevalidated|variable|variable |
Returns if:
In this error code:
Make sure the order only includes prevalidated domains and resubmit the request, or contact your account administrator. To learn more about domain prevalidation, see Domain prevalidation: DCV methods. |
| 400 | email_domain_not_validated | Email must have a validated domain. |
| 400 | email_not_valid_email_format | The submitted email address is not valid. Make sure the submitted email address follows standard email address conventions. |
| 400 | file_incorrect_content|variable |
Expected content not found in the fileauth.txt file for the domain. Make sure the content of the fileauth.txt file is formatted correctly. For more information about hosting the fileauth.txt file for immediate DV certificate issuance, see DV Certificate Immediate Issuance – File Auth. |
| 400 | file_invalid_format|variable |
The fileauth.txt file for the domain is not formatted correctly. Check that you are using the correct file format and request token. For more information about hosting the fileauth.txt file for immediate DV certificate issuance, see DV Certificate Immediate Issuance – File Auth. |
| 400 | file_not_found|variable |
Could not find a fileauth.txt file for the domain. Make sure a valid filauth.txt file is hosted in the right location, and check that the domain string is correct. For more information about hosting the fileauth.txt file for immediate DV certificate issuance, see DV Certificate Immediate Issuance – File Auth. |
| 400 | file_outdated_content|variable |
The timestamp in the request token is invalid. Make sure you have formatted the timestamp and request token correctly, and check that the timestamp has not expired. For more information about creating timestamps and generating request tokens for immediate DV certificate issuance, see DV certificate immediate issuance. |
| 400 | file_random_value_not_found |
Unable to find the random value at the expected file location for the domain. Make sure:
|
| 400 | file_server_not_reachable|variable | Could not reach the server for the domain. Make sure the domain string is correct, and check that your server is configured correctly. |
| 400 | inactive_organization |
The submitted organization is deactivated. Activate the organization or specify a different organization. See Activate organization |
| 400 | internal_data_check_failed|variable | Unable to process request. Please try again. |
| 400 | internal_names_not_allowed | |
| 400 | invalid_caa_entry|variable |
CAA check failed. Make sure the CAA resource records for the domain are configured correctly. For more information, see DNS CAA resource record checks. |
| 400 | invalid_ca_cert_id | The specified Certificate Authority is not valid. |
| 400 | invalid_chars:<param.name> | The specified parameter contains invalid characters. Refer to the endpoint's Response parameters table for valid input characters. |
| 400 | invalid_common_name_on_duplicate | The common name on duplicate requests must match what was on the original order. Refer to the original order for the correct common name. |
| 400 | invalid_dns_cname |
Unable to find a valid DNS CNAME record for the domain. Make sure:
|
| 400 | invalid_dns_method | The DCV method for the order is set to email. |
| 400 | invalid_dns_name_on_duplicate | The DNS name on duplicate requests must match what was on the original order. Refer to the original order for the correct DNS name. |
| 400 | invalid_dns_txt |
Unable to find a valid DNS TXT record for the domain. Make sure:
|
| 400 | invalid_payment_method | The specified payment method is not enabled. To use the specified payment request, you must enable it in your account. |
| 400 | invalid_value:<param.name> | The specified parameter contains an invalid value. Refer to the endpoint's Response parameters table for valid input values. |
| 400 | invalid_value:validity_years |
The specified parameter contains an invalid value for the time span allowed. This can occur when the number of years specified is not permitted because the span exceeds what the order allows (for example, more than three years for a code signing certificate), or what is set as the limit at the account level by an admin. Additionally, this error may occur when the order validity is set with a custom_expiration_date and an admin for the account has already applied a limit to the allowed order validity period. When an admin applies this limit, the option to set a custom expiration date is disabled for the product using order_validity.days or order_validity.custom_expiration.date.
|
| 400 | missing_ca_cert_id | The certificate authority ID is required for this request. Specify the certificate authority to issue the certificate from and resend your request. |
| 400 | missing_dns_name_on_duplicate | The DNS name is missing from the request. DNS names cannot be removed on duplicate orders. Resend the request with the DNS name included. |
| 400 | missing_request_data | No body was sent with the request. Refer to the endpoint's documentation for request requirements. |
| 400 | missing_required_custom_field |
The request body is missing a required custom field. To get a list of custom order field metadata for your account, see List custom fields. |
| 400 | no_private_ca_enabled | No private certificate authorities are enabled for the account. |
| 400 | not_allowed_to_change_ct_setting_per_order | The per certificate order feature has not been activated for your CertCentral account. An administrator must enable this feature. |
| 400 | note_contains_private_key | Never share private keys with any third party, including DigiCert. Remove the private key and try again. |
| 400 | order_not_eligible_for_duplicate | Duplicates are not allowed for the specified order. |
| 400 | other_domain_on_wildcard | All SANs on a wildcard certificate must have the same common name. Either change the SANs to use the same common name or order a multi-domain certificate. |
| 400 | pending_reissue | A previous reissue request is still pending for the order. You must reject or approve and issue the pending request before a new reissue request can be placed. |
| 400 | product_name_limit_exceeded | You have exceeded the number of names allowed on this product. |
| 400 | product_not_allowed | This product is not allowed. |
| 400 | protected_domain | One or more domains listed on this certificate request are protected by the domain owner. Modify the domains and resubmit the request. |
| 400 |
required_param: |
The specified parameter is required. Refer to the endpoint's Response parameters table to identify required and optional parameters. |
| 400 | rfc5280_common_name_invalid | The submitted common name does not conform to industry standards. |
| 400 | rfc5280_common_name_too_long | Common name must be less than 64 characters in order to be compliant with industry standards. |
| 400 | rfc5280_org_unit_too_long | Organization units must be less than 64 characters in order to be compliant with industry standards. |
| 400 | rfc5280_org_name_too_long | Organization name total length (including Assumed Name for EV certificates) must be less than 64 characters in order to be compliant with industry standards. |
| 400 | rfc5280_address_field_too_long | Address fields must be less than 64 characters in order to be compliant with industry standards. |
| 400 | rfc5280_org_unit_invalid | The org unit field contains an invalid value according to industry standards. |
| 400 | rfc5280_org_invalid | One or more fields on the organization contains invalid values according to industry standards. |
| 400 | va_not_eligible_order |
The request failed for one of the following reasons:
|
| 400 | va_not_eligible_product |
The request failed because the product does not support vulnerability assessments. For a list of products that support vulnerability assessments, see Vulnerability assessments – Supported products. |
| 400 | va_order_not_found | No data found for the submitted request. Make sure you are using the correct order ID, then try again. |
| 400 | va_order_already_enabled | Vulnerability assessments are already enabled for the order. |
| 400 | va_order_not_enabled | Vulnerability assessments are not enabled for the order. Make sure you are using the correct order ID and that vulnerability assessments are enabled, then try again. |
| 400 | va_domain_not_found | The domain in the request is not included on the specified order. Make sure you are using the correct domain and order ID, then try again. |
| 400 | va_email_recipient_not_found | No email recipient found on the order. |
| 400 | va_bad_request | The request is not formatted correctly. Make sure the filter parameters and URL query strings in your request are formatted correctly, then try again. |
| 400 | username_unavailable | The specified username is not available. |