# 30119: Certificate and private key pair is invalid

Log Type: APPLICATION

Log Level: ERROR

## Description

This error occurs when the private key and certificate you upload are individually valid, but they do not match as a pair for your Link Shortening domain. Twilio validates the certificate and private key when you upload them for Link Shortening.

### Possible causes

* The certificate and private key are for different domains, or they do not belong to the same certificate and key pair.
* If you configured Link Shortening on a subdomain, the certificate and private key were not generated for that subdomain.

### Possible solutions

* Regenerate the certificate and private key as a matching pair for the domain or subdomain you configured for Link Shortening, then upload the new files.
* Upload the certificate in PEM format. Make sure the certificate begins with `-----BEGIN CERTIFICATE-----` and ends with `-----END CERTIFICATE-----`, and that the private key begins with `-----BEGIN PRIVATE KEY-----` and ends with `-----END PRIVATE KEY-----` or is in PKCS #8 format.
* Include the full certificate chain when you upload the certificate.
* If you use the REST API, set `TlsCert` to the concatenated certificate and private key. After you upload the file, check the certificate validation status because validation can take up to five minutes.
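
A local pre-upload check for the causes and format requirements listed above, as an added example that is not Twilio's own code. It assumes the `openssl` CLI is installed and that the leaf certificate is the first block in the chain file; the function names and `links.example.com` are hypothetical.

```shell
# Added example, not Twilio code. Requires the openssl CLI.
# Usage: check_pair fullchain.pem privkey.pem links.example.com
# Exit status: 0 ok, 1 key/cert mismatch, 2 format or parse error, 3 wrong domain.

# SHA-256 of the public key in the first (leaf) certificate of the file.
cert_pub_digest() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from the private key.
key_pub_digest() {
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

check_pair() (
  cert=$1 key=$2 domain=$3
  # Format: PEM certificate and an unencrypted PKCS #8 PEM private key.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
    { echo "certificate is not PEM"; exit 2; }
  grep -q -- '-----BEGIN PRIVATE KEY-----' "$key" ||
    { echo "private key has no BEGIN PRIVATE KEY (PKCS #8) header"; exit 2; }
  c=$(cert_pub_digest "$cert") || { echo "cannot parse certificate"; exit 2; }
  k=$(key_pub_digest "$key") || { echo "cannot parse private key"; exit 2; }
  # Pair check: both files must carry the same public key.
  [ "$c" = "$k" ] ||
    { echo "MISMATCH: certificate and private key are not a pair"; exit 1; }
  # Domain check: the leaf must cover the configured domain or subdomain.
  openssl x509 -in "$cert" -noout -checkhost "$domain" | grep -q 'does match' ||
    { echo "MISMATCH: certificate does not cover $domain"; exit 3; }
  echo "OK: pair matches and covers $domain (public key sha256 $c)"
)
```

Run it against the exact files you intend to upload; the exit status tells you which of the listed causes applies.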

#### Additional resources

* [Link Shortening onboarding guide](/docs/messaging/features/link-shortening/onboarding-guide)
* [Link Shortening](/docs/messaging/features/link-shortening)
* [Security](/docs/usage/security)
