Documentation

Resolve SSL certificate expiration retrieval issues in Adobe Cloud Manager

Last update: Wed Jun 04 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

When retrieving SSL certificate expiration dates using the Adobe Cloud Manager API, the process can be disrupted by improper usage of API endpoints and missing links between domain mappings and certificates. Ensure the proper interlinking of API calls to effectively resolve the issue.

Description description

Environment

  • Product: Adobe Experience Manager as a Cloud Service - Sites
  • Environment: Production
  • Product Offering: Cloud Manager

Issue/Symptoms

When using the following sequence of API calls:

  1. Retrieve list of domains (GET /program/{programId}/domains)
  2. Retrieve domain mapping IDs (GET /program/{programId}/domain-mapping/{domainMappingId})
  3. Retrieve all certificates (GET /program/{programId}/certificates)
  4. Fetch specific certificate details (GET /program/{programId}/certificate/{certificateId})

It was observed that there’s no direct link between domain mappings and certificates, resulting in an inability to fetch the desired certificate details (For example: expiration date).

  • Using domainId as the key identifier for the domain-mapping endpoint resulted in errors.
  • Attempts to retrieve certificate details with incorrect identifiers returned a “Certificate not found” error.

Resolution resolution

Retrieve Domains:

Use the endpoint:

GET /program/{programId}/domains

If you need a specific domain (For example: www.example.com), note that using the name query parameter (see below)

GET /program/{programId}/domains?name=www.example.com

performs a contains search. This is why you might see multiple entries (like stage- www.example.com  or xxx*-cloud- www.example.com*). For less ambiguous results, you can query with a more specific name, for example,

GET /program/{programId}/domains?name=xxx-www.example.com

or retrieve all domains and then iterate through them to find the exact match.

Get Domain Mapping:

Once you’ve identified the domain of interest and obtained its unique domainId use the domain mapping endpoint with the domainId filter:

GET /program/{programId}/domain-mappings?domainId=XXXXXX

This call will return a JSON object which includes the certificateId. For instance, you might receive a response like:

{
"domainMappingId": "{domainMappingId}",
"programId": "{programId}",
"originId": XXXXXX,
"domainMappingStatus": "applied",
"domainName": "www.example.com",
"originType": "SKYLINE_ENVIRONMENT",
"tier": "publish",
"domainId": XXXXXX,
"certificateId": "{certificateId}",
"createdAt": XXXXXXXXXXXXX,
"updatedAt": XXXXXXXXXXXXX
}

The certificateId ({certificateId}) is the common link that enables you to fetch the correct certificate details.

The certificateId ({certificateId}) is the common link that enables you to fetch the correct certificate details.

Check Certificate Details:

With the certificateId in hand, you can then retrieve the certificate details (including its expiration date) by calling:

GET /program/{programId}/certificate/{certificateId}

This flow shows that the API calls are indeed interconnected; the certificateId provided in the domain mapping response serves as the linking key between the domain and its associated certificate.

You can refer to the Cloud Manager API documentation for additional details.

recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f