---
title: Getting Started with Datadog
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog
---

# aws_lightsail_certificate{% #aws_lightsail_certificate %}

## `account_id`{% #account_id %}

**Type**: `STRING`

## `certificate_arn`{% #certificate_arn %}

**Type**: `STRING`**Provider name**: `certificateArn`**Description**: The Amazon Resource Name (ARN) of the certificate.

## `certificate_detail`{% #certificate_detail %}

**Type**: `STRUCT`**Provider name**: `certificateDetail`**Description**: An object that describes a certificate in detail.

- `arn`**Type**: `STRING`**Provider name**: `arn`**Description**: The Amazon Resource Name (ARN) of the certificate.
- `created_at`**Type**: `TIMESTAMP`**Provider name**: `createdAt`**Description**: The timestamp when the certificate was created.
- `domain_name`**Type**: `STRING`**Provider name**: `domainName`**Description**: The domain name of the certificate.
- `domain_validation_records`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `domainValidationRecords`**Description**: An array of objects that describe the domain validation records of the certificate.
  - `dns_record_creation_state`**Type**: `STRUCT`**Provider name**: `dnsRecordCreationState`**Description**: An object that describes the state of the canonical name (CNAME) records that are automatically added by Lightsail to the DNS of the domain to validate domain ownership.
    - `code`**Type**: `STRING`**Provider name**: `code`**Description**: The status code for the automated DNS record creation. Following are the possible values:
      - `SUCCEEDED` - The validation records were successfully added to the domain.
      - `STARTED` - The automatic DNS record creation has started.
      - `FAILED` - The validation records failed to be added to the domain.
    - `message`**Type**: `STRING`**Provider name**: `message`**Description**: The message that describes the reason for the status code.
  - `domain_name`**Type**: `STRING`**Provider name**: `domainName`**Description**: The domain name of the certificate validation record. For example, `example.com` or `www.example.com`.
  - `resource_record`**Type**: `STRUCT`**Provider name**: `resourceRecord`**Description**: An object that describes the DNS records to add to your domain's DNS to validate it for the certificate.
    - `name`**Type**: `STRING`**Provider name**: `name`**Description**: The name of the record.
    - `type`**Type**: `STRING`**Provider name**: `type`**Description**: The DNS record type.
    - `value`**Type**: `STRING`**Provider name**: `value`**Description**: The value for the DNS record.
  - `validation_status`**Type**: `STRING`**Provider name**: `validationStatus`**Description**: The validation status of the record.
- `eligible_to_renew`**Type**: `STRING`**Provider name**: `eligibleToRenew`**Description**: The renewal eligibility of the certificate.
- `in_use_resource_count`**Type**: `INT32`**Provider name**: `inUseResourceCount`**Description**: The number of Lightsail resources that the certificate is attached to.
- `issued_at`**Type**: `TIMESTAMP`**Provider name**: `issuedAt`**Description**: The timestamp when the certificate was issued.
- `issuer_ca`**Type**: `STRING`**Provider name**: `issuerCA`**Description**: The certificate authority that issued the certificate.
- `key_algorithm`**Type**: `STRING`**Provider name**: `keyAlgorithm`**Description**: The algorithm used to generate the key pair (the public and private key) of the certificate.
- `name`**Type**: `STRING`**Provider name**: `name`**Description**: The name of the certificate (`my-certificate`).
- `not_after`**Type**: `TIMESTAMP`**Provider name**: `notAfter`**Description**: The timestamp when the certificate expires.
- `not_before`**Type**: `TIMESTAMP`**Provider name**: `notBefore`**Description**: The timestamp when the certificate is first valid.
- `renewal_summary`**Type**: `STRUCT`**Provider name**: `renewalSummary`**Description**: An object that describes the status of the certificate renewal managed by Lightsail.
  - `domain_validation_records`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `domainValidationRecords`**Description**: An array of objects that describe the domain validation records of the certificate.
    - `dns_record_creation_state`**Type**: `STRUCT`**Provider name**: `dnsRecordCreationState`**Description**: An object that describes the state of the canonical name (CNAME) records that are automatically added by Lightsail to the DNS of the domain to validate domain ownership.
      - `code`**Type**: `STRING`**Provider name**: `code`**Description**: The status code for the automated DNS record creation. Following are the possible values:
        - `SUCCEEDED` - The validation records were successfully added to the domain.
        - `STARTED` - The automatic DNS record creation has started.
        - `FAILED` - The validation records failed to be added to the domain.
      - `message`**Type**: `STRING`**Provider name**: `message`**Description**: The message that describes the reason for the status code.
    - `domain_name`**Type**: `STRING`**Provider name**: `domainName`**Description**: The domain name of the certificate validation record. For example, `example.com` or `www.example.com`.
    - `resource_record`**Type**: `STRUCT`**Provider name**: `resourceRecord`**Description**: An object that describes the DNS records to add to your domain's DNS to validate it for the certificate.
      - `name`**Type**: `STRING`**Provider name**: `name`**Description**: The name of the record.
      - `type`**Type**: `STRING`**Provider name**: `type`**Description**: The DNS record type.
      - `value`**Type**: `STRING`**Provider name**: `value`**Description**: The value for the DNS record.
    - `validation_status`**Type**: `STRING`**Provider name**: `validationStatus`**Description**: The validation status of the record.
  - `renewal_status`**Type**: `STRING`**Provider name**: `renewalStatus`**Description**: The renewal status of the certificate. The following renewal status are possible:
    - `PendingAutoRenewal` - Lightsail is attempting to automatically validate the domain names of the certificate. No further action is required.
    - `PendingValidation` - Lightsail couldn't automatically validate one or more domain names of the certificate. You must take action to validate these domain names or the certificate won't be renewed. Check to make sure your certificate's domain validation records exist in your domain's DNS, and that your certificate remains in use.
    - `Success` - All domain names in the certificate are validated, and Lightsail renewed the certificate. No further action is required.
    - `Failed` - One or more domain names were not validated before the certificate expired, and Lightsail did not renew the certificate. You can request a new certificate using the `CreateCertificate` action.
  - `renewal_status_reason`**Type**: `STRING`**Provider name**: `renewalStatusReason`**Description**: The reason for the renewal status of the certificate.
  - `updated_at`**Type**: `TIMESTAMP`**Provider name**: `updatedAt`**Description**: The timestamp when the certificate was last updated.
- `request_failure_reason`**Type**: `STRING`**Provider name**: `requestFailureReason`**Description**: The validation failure reason, if any, of the certificate. The following failure reasons are possible:
  - `NO_AVAILABLE_CONTACTS` - This failure applies to email validation, which is not available for Lightsail certificates.
  - `ADDITIONAL_VERIFICATION_REQUIRED` - Lightsail requires additional information to process this certificate request. This can happen as a fraud-protection measure, such as when the domain ranks within the Alexa top 1000 websites. To provide the required information, use the [Amazon Web Services Support Center](https://console.aws.amazon.com/support/home) to contact Amazon Web Services Support.You cannot request a certificate for Amazon-owned domain names such as those ending in amazonaws.com, cloudfront.net, or elasticbeanstalk.com.
  - `DOMAIN_NOT_ALLOWED` - One or more of the domain names in the certificate request was reported as an unsafe domain by [VirusTotal](https://www.virustotal.com/gui/home/url). To correct the problem, search for your domain name on the [VirusTotal](https://www.virustotal.com/gui/home/url) website. If your domain is reported as suspicious, see [Google Help for Hacked Websites](https://developers.google.com/web/fundamentals/security/hacked) to learn what you can do. If you believe that the result is a false positive, notify the organization that is reporting the domain. VirusTotal is an aggregate of several antivirus and URL scanners and cannot remove your domain from a block list itself. After you correct the problem and the VirusTotal registry has been updated, request a new certificate. If you see this error and your domain is not included in the VirusTotal list, visit the [Amazon Web Services Support Center](https://console.aws.amazon.com/support/home) and create a case.
  - `INVALID_PUBLIC_DOMAIN` - One or more of the domain names in the certificate request is not valid. Typically, this is because a domain name in the request is not a valid top-level domain. Try to request a certificate again, correcting any spelling errors or typos that were in the failed request, and ensure that all domain names in the request are for valid top-level domains. For example, you cannot request a certificate for `example.invalidpublicdomain` because `invalidpublicdomain` is not a valid top-level domain.
  - `OTHER` - Typically, this failure occurs when there is a typographical error in one or more of the domain names in the certificate request. Try to request a certificate again, correcting any spelling errors or typos that were in the failed request.
- `revocation_reason`**Type**: `STRING`**Provider name**: `revocationReason`**Description**: The reason the certificate was revoked. This value is present only when the certificate status is `REVOKED`.
- `revoked_at`**Type**: `TIMESTAMP`**Provider name**: `revokedAt`**Description**: The timestamp when the certificate was revoked. This value is present only when the certificate status is `REVOKED`.
- `serial_number`**Type**: `STRING`**Provider name**: `serialNumber`**Description**: The serial number of the certificate.
- `status`**Type**: `STRING`**Provider name**: `status`**Description**: The validation status of the certificate.
- `subject_alternative_names`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `subjectAlternativeNames`**Description**: An array of strings that specify the alternate domains (`example2.com`) and subdomains (`blog.example.com`) of the certificate.
- `support_code`**Type**: `STRING`**Provider name**: `supportCode`**Description**: The support code. Include this code in your email to support when you have questions about your Lightsail certificate. This code enables our support team to look up your Lightsail information more easily.

## `certificate_name`{% #certificate_name %}

**Type**: `STRING`**Provider name**: `certificateName`**Description**: The name of the certificate.

## `domain_name`{% #domain_name %}

**Type**: `STRING`**Provider name**: `domainName`**Description**: The domain name of the certificate.

## `tags`{% #tags %}

**Type**: `UNORDERED_LIST_STRING`