diff --git a/public/main/gradebook/gradebook_display_certificate.php b/public/main/gradebook/gradebook_display_certificate.php
index cc3d0c7b26f..a6741c4ba10 100644
--- a/public/main/gradebook/gradebook_display_certificate.php
+++ b/public/main/gradebook/gradebook_display_certificate.php
@@ -336,43 +336,109 @@ function confirmation() {
             echo '<td width="30%">'.get_lang('Date').' : '.api_convert_and_format_date($valueCertificate['created_at']).'</td>';
             echo '<td width="20%">';
 
-            // Normalize and availability checks
-            $pathRaw = isset($valueCertificate['path_certificate']) ? (string) $valueCertificate['path_certificate'] : '';
-            $path    = ltrim($pathRaw, '/'); // ensure no leading slash
-            $hasPath = $path !== '';
-            $hash    = $hasPath ? pathinfo($path, PATHINFO_FILENAME) : '';
-
-            // Admin can bypass publish flag for visibility
+            /**
+             * Resource-first per-course certificate resolution.
+             * - First: try to resolve a Resource certificate for (cat_id, user_id).
+             * - Never fallback to the user's general/custom certificate here.
+             * - If no Resource exists, use legacy path_certificate (HTML/PDF in /certificates/).
+             * - Keep publish flag behavior; platform admins bypass publish.
+             */
             $isPublished = !empty($valueCertificate['publish']) || api_is_platform_admin();
-            $isAvailable = $hasPath && $isPublished;
 
-            // Build URLs only if available
-            $htmlUrl = $isAvailable ? api_get_path(WEB_PATH).'certificates/'.$hash.'.html' : '';
-            $pdfUrl  = $isAvailable ? api_get_path(WEB_PATH).'certificates/'.$hash.'.pdf'  : '';
+            $certRepo = Container::getGradeBookCertificateRepository();
+            $router   = null;
+            try {
+                $router = Container::getRouter(); // Might not exist in some installs; guarded below.
+            } catch (\Throwable $e) {
+                // Non-fatal. We'll just skip route generation if router is not available.
+            }
+
+            $htmlUrl     = '';
+            $pdfUrl      = '';
+            $isAvailable = false;
+
+            // Try to resolve the per-category (course/session) resource
+            try {
+                $entity = $certRepo->getCertificateByUserId(
+                    $categoryId === 0 ? null : (int) $categoryId,
+                    (int) $value['user_id']
+                );
+
+                if ($entity && $entity->hasResourceNode()) {
+                    // HTML is served through the Resource layer (secured, hashed filename)
+                    $htmlUrl     = (string) $certRepo->getResourceFileUrl($entity);
+                    $isAvailable = $isPublished && $htmlUrl !== '';
+
+                    // PDF is served by your Symfony controller (update the route name/params if needed)
+                    if ($router && $isAvailable) {
+                        // Attempt 1: route by certificateId (common signature)
+                        try {
+                            $pdfUrl = $router->generate('gradebook_certificate_pdf', [
+                                'certificateId' => (int) $valueCertificate['id'],
+                            ]);
+                        } catch (\Throwable $e1) {
+                            // Attempt 2: route by userId+catId (alternative signature)
+                            try {
+                                $pdfUrl = $router->generate('gradebook_certificate_pdf', [
+                                    'userId' => (int) $value['user_id'],
+                                    'catId'  => (int) $categoryId,
+                                ]);
+                            } catch (\Throwable $e2) {
+                                // Route not found or wrong signature: leave $pdfUrl empty.
+                                error_log('[gradebook_display_certificate] PDF route resolution failed: '.$e2->getMessage());
+                            }
+                        }
+                    }
+                }
+            } catch (\Throwable $e) {
+                error_log('[gradebook_display_certificate] resource resolve error: '.$e->getMessage());
+            }
+
+            // Legacy per-course fallback ONLY if no resource is available.
+            // IMPORTANT: do NOT fallback to general/custom certificate on this screen.
+            if (!$isAvailable) {
+                $pathRaw = isset($valueCertificate['path_certificate']) ? (string) $valueCertificate['path_certificate'] : '';
+                $path    = ltrim($pathRaw, '/'); // normalize: remove leading slash if present
+                $hasPath = $path !== '';
+                $hash    = $hasPath ? pathinfo($path, PATHINFO_FILENAME) : '';
+
+                $isAvailable = $hasPath && $isPublished;
+
+                if ($isAvailable) {
+                    $htmlUrl = api_get_path(WEB_PATH).'certificates/'.$hash.'.html';
+                    $pdfUrl  = api_get_path(WEB_PATH).'certificates/'.$hash.'.pdf';
+                }
+            }
 
-            // HTML certificate button/link
+            // Render buttons (enabled/disabled) preserving existing UI
             if ($isAvailable) {
+                // HTML certificate button/link
                 echo Display::url(
                     get_lang('Certificate'),
                     $htmlUrl,
                     ['target' => '_blank', 'class' => 'btn btn--plain']
                 );
+
+                // PDF download icon/link (only if we have a URL)
+                if (!empty($pdfUrl)) {
+                    echo Display::url(
+                        Display::getMdiIcon(ActionIcon::EXPORT_PDF, 'ch-tool-icon', null, ICON_SIZE_SMALL, get_lang('Download')),
+                        $pdfUrl,
+                        ['target' => '_blank', 'title' => 'Download PDF certificate']
+                    );
+                } else {
+                    // Route not available: show disabled icon with a clear tooltip
+                    echo '<button type="button" class="btn btn-link disabled" disabled '
+                        .'title="PDF route unavailable">'
+                        .Display::getMdiIcon(ActionIcon::EXPORT_PDF, 'ch-tool-icon text-muted', null, ICON_SIZE_SMALL, get_lang('PDF route unavailable'))
+                        .'</button>';
+                }
             } else {
-                // Disabled button with clear message
+                // Disabled HTML button
                 echo '<button type="button" class="btn btn--plain disabled" disabled '
                     .'title="Certificate not available"> '.get_lang('Certificate').' </button>';
-            }
-            echo PHP_EOL;
 
-            // PDF download button/link (mdi icon)
-            if ($isAvailable) {
-                echo Display::url(
-                    Display::getMdiIcon(ActionIcon::EXPORT_PDF, 'ch-tool-icon', null, ICON_SIZE_SMALL, get_lang('Download')),
-                    $pdfUrl,
-                    ['target' => '_blank', 'title' => 'Download PDF certificate']
-                );
-            } else {
-                // Disabled icon with tooltip
+                // Disabled PDF icon
                 echo '<button type="button" class="btn btn-link disabled" disabled '
                     .'title="PDF download unavailable">'
                     .Display::getMdiIcon(ActionIcon::EXPORT_PDF, 'ch-tool-icon text-muted', null, ICON_SIZE_SMALL, get_lang('PDF download unavailable'))
diff --git a/public/main/inc/lib/certificate.lib.php b/public/main/inc/lib/certificate.lib.php
index 2993fefad13..229bf86a9a8 100644
--- a/public/main/inc/lib/certificate.lib.php
+++ b/public/main/inc/lib/certificate.lib.php
@@ -64,59 +64,143 @@ public function __construct(
         $updateCertificateData = true,
         $pathToCertificate = ''
     ) {
-        $this->table = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
-        $this->user_id = !empty($userId) ? $userId : api_get_user_id();
+        $this->table   = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
+        $this->user_id = !empty($userId) ? (int) $userId : api_get_user_id();
 
+        // Load legacy row if an ID is provided
         if (!empty($certificate_id)) {
             $certificate = $this->get($certificate_id);
-            if (!empty($certificate) && is_array($certificate)) {
+            if (is_array($certificate) && !empty($certificate)) {
                 $this->certificate_data = $certificate;
-                $this->user_id = $this->certificate_data['user_id'];
+                $this->user_id = (int) $this->certificate_data['user_id'];
             }
         }
 
-        if ($this->user_id) {
-            // To force certification generation
-            if ($this->force_certificate_generation) {
-                $this->generate(['certificate_path' => ''], $sendNotification);
+        if (empty($this->user_id)) {
+            // No user context, nothing else to do.
+            return;
+        }
+
+        $certRepo   = Container::getGradeBookCertificateRepository();
+        $categoryId = isset($this->certificate_data['cat_id']) ? (int) $this->certificate_data['cat_id'] : 0;
+
+        // Try to preload an existing resource to avoid unnecessary work.
+        try {
+            $existing = $certRepo->getCertificateByUserId($categoryId === 0 ? null : $categoryId, $this->user_id);
+            if ($existing && $existing->hasResourceNode()) {
+                // Resource-first model: legacy path is not used anymore.
+                $this->certification_user_path = 'resource://user_certificate';
+                $this->html_file = '';
+                $this->certificate_data['path_certificate'] = '';
+                $this->certificate_data['file_content'] = $certRepo->getResourceFileContent($existing);
             }
-            if (
-                isset($this->certificate_data)
-                && $this->certificate_data
-                && empty($this->certificate_data['path_certificate'])
-            ) {
+        } catch (\Throwable $e) {
+            // Non-fatal; generation can still proceed if needed.
+            error_log('[CERT::__construct] preload resource error: '.$e->getMessage());
+        }
+
+        // Keep original behavior: optionally generate on construct.
+        if ($this->force_certificate_generation) {
+            try {
+                $this->generate(['certificate_path' => $pathToCertificate], $sendNotification);
+                // Refresh in-memory HTML for PDF generation after generate().
+                $refetched = $certRepo->getCertificateByUserId($categoryId === 0 ? null : $categoryId, $this->user_id);
+                if ($refetched && $refetched->hasResourceNode()) {
+                    $this->certificate_data['file_content'] = $certRepo->getResourceFileContent($refetched);
+                    $this->certification_user_path = 'resource://user_certificate';
+                }
+            } catch (\Throwable $e) {
+                error_log('[CERT::__construct] generate-on-construct failed: '.$e->getMessage());
+            }
+        }
+
+        // If still empty legacy path but we have a row, keep original fallback.
+        if (
+            isset($this->certificate_data) &&
+            $this->certificate_data &&
+            empty($this->certificate_data['path_certificate']) &&
+            !$this->force_certificate_generation
+        ) {
+            try {
                 $this->generate(['certificate_path' => $pathToCertificate], $sendNotification);
+                $refetched = $certRepo->getCertificateByUserId($categoryId === 0 ? null : $categoryId, $this->user_id);
+                if ($refetched && $refetched->hasResourceNode()) {
+                    $this->certificate_data['file_content'] = $certRepo->getResourceFileContent($refetched);
+                    $this->certification_user_path = 'resource://user_certificate';
+                }
+            } catch (\Throwable $e) {
+                error_log('[CERT::__construct] generate (no legacy path) failed: '.$e->getMessage());
             }
         }
 
         // Setting the qr and html variables
-        if (isset($certificate_id) &&
+        if (
+            isset($certificate_id) &&
             !empty($this->certification_user_path) &&
-            isset($this->certificate_data['path_certificate'])
+            isset($this->certificate_data['path_certificate']) &&
+            !empty($this->certificate_data['path_certificate'])
         ) {
-            //$pathinfo = pathinfo($this->certificate_data['path_certificate']);
+            // Legacy: path points to a file name; we only keep it for BC.
             $this->html_file = $this->certificate_data['path_certificate'];
-            //$this->qr_file = $this->certification_user_path.$pathinfo['filename'].'_qr.png';
         } else {
-            //$this->checkCertificatePath();
             if ('true' === api_get_setting('certificate.allow_general_certificate')) {
+                // Guard: if a resource already exists, just populate file_content and exit.
+                try {
+                    $already = $certRepo->getCertificateByUserId(null, $this->user_id); // general certificate => null cat
+                    if ($already && $already->hasResourceNode()) {
+                        $this->certification_user_path = 'resource://user_certificate';
+                        $this->certificate_data['path_certificate'] = '';
+                        $this->certificate_data['file_content'] = $certRepo->getResourceFileContent($already);
+                        return; // Nothing else to do.
+                    }
+                } catch (\Throwable $e) {
+                    error_log('[CERT::__construct] check-existing general cert error: '.$e->getMessage());
+                }
+
                 // General certificate
-                $categoryId = isset($this->certificate_data['cat_id']) ? (int) $this->certificate_data['cat_id'] : 0;
-                $name = hash('sha256', $this->user_id . $categoryId);
-                $fileName = $name . '.html';
-                $content = $this->generateCustomCertificate();
-                $gradebookCertificateRepo = Container::getGradeBookCertificateRepository();
-                $personalFile = $gradebookCertificateRepo->generateCertificatePersonalFile($this->user_id, $fileName, $content);
-
-                if (null !== $personalFile) {
-                    // Updating the path
-                    self::updateUserCertificateInfo(
+                // store as a Resource (resource_type = user_certificate) instead of PersonalFile
+                $cert = null;
+                try {
+                    // Build HTML content (always available for PDF even if upsert fails).
+                    $content = $this->generateCustomCertificate();
+
+                    $hash     = hash('sha256', $this->user_id.$categoryId);
+                    $fileName = $hash.'.html';
+
+                    // upsertCertificateResource(catId, userId, score, htmlContent, pdfBinary?, legacyFileName?)
+                    $cert = $certRepo->upsertCertificateResource(0, $this->user_id, 100.0, $content, null, $fileName);
+
+                    // Keep legacy compatibility fields in DB if required
+                    if ($updateCertificateData) {
+                        $certRepo->registerUserInfoAboutCertificate(0, $this->user_id, 100.0, $fileName);
+                    }
+
+                    // Update in-memory fields for downstream consumers (PDF)
+                    $this->certification_user_path = 'resource://user_certificate';
+                    $this->certificate_data['path_certificate'] = $fileName;
+
+                    // Ensure file_content is always available (avoid undefined index)
+                    try {
+                        $this->certificate_data['file_content'] = $certRepo->getResourceFileContent($cert);
+                    } catch (\Throwable $ignored) {
+                        // Fallback: use raw generated HTML so PDF creation never crashes.
+                        $this->certificate_data['file_content'] = $content;
+                    }
+
+                    // Optional: keep the legacy user-certificate metadata updated
+                    $this->updateUserCertificateInfo(
                         0,
                         $this->user_id,
                         $fileName,
                         $updateCertificateData
                     );
-                    $this->certificate_data['path_certificate'] = $fileName;
+                } catch (\Throwable $e) {
+                    // Do not break the constructor; log and keep going
+                    error_log('[CERT] general certificate upsert error: '.$e->getMessage());
+                    // As a last resort, populate file_content with a minimal HTML to avoid PDF fatal errors
+                    if (empty($this->certificate_data['file_content'])) {
+                        $this->certificate_data['file_content'] = '<html><body><p></p></body></html>';
+                    }
                 }
             }
         }
@@ -133,131 +217,240 @@ public function __construct(
      */
     public function deleteCertificate(): bool
     {
-        if (!empty($this->certificate_data)) {
-            $categoryId = isset($this->certificate_data['cat_id']) ? (int) $this->certificate_data['cat_id'] : 0;
-            $gradebookCertificateRepo = Container::getGradeBookCertificateRepository();
-            $gradebookCertificateRepo->deleteCertificateAndRelatedFiles($this->certificate_data['user_id'], $categoryId);
+        if (empty($this->certificate_data)) {
+            return false;
+        }
+
+        $categoryId = isset($this->certificate_data['cat_id']) ? (int) $this->certificate_data['cat_id'] : 0;
+        $certRepo   = Container::getGradeBookCertificateRepository();
+
+        try {
+            $certRepo->deleteCertificateResource($this->certificate_data['user_id'], $categoryId);
 
             return true;
+        } catch (\Throwable $e) {
+            error_log('[CERTIFICATE::deleteCertificate] delete error: '.$e->getMessage());
+            return false;
         }
-
-        return false;
     }
 
     /**
-     *  Generates an HTML Certificate and fills the path_certificate field in the DB.
+     * Generates (or updates) the user's certificate as a Resource.
+     *
+     * Template strategy is centralized here:
+     *  1) If the Gradebook category HAS a default template (document) => use it.
+     *  2) If it DOES NOT => fall back to the portal "custom" template (legacy behavior).
+     * In both cases we store a category-bound Resource (cat_id), so pages don't need to re-implement fallbacks.
+     *
+     * - Stores the HTML in a ResourceNode (resource_type = user_certificate).
+     * - Fills $this->certificate_data['file_content'] with the HTML to avoid PDF errors.
+     * - Keeps legacy DB info via registerUserInfoAboutCertificate() (no PersonalFile usage).
      *
      * @param array $params
      * @param bool  $sendNotification
      *
-     * @return bool|int
+     * @return bool
      */
     public function generate($params = [], $sendNotification = false)
     {
-        $result = false;
-        $params['hide_print_button'] = isset($params['hide_print_button']) ? true : false;
+        // Safe defaults
+        $params = is_array($params) ? $params : [];
+        $params['hide_print_button'] = isset($params['hide_print_button'])
+            ? (bool) $params['hide_print_button']
+            : false;
+
+        // Repository (required).
+        try {
+            $certRepo = Container::getGradeBookCertificateRepository();
+        } catch (\Throwable $e) {
+            error_log('[CERT::generate] FATAL: cannot get GradeBookCertificateRepository: '.$e->getMessage());
+            return false;
+        }
+        if (!$certRepo) {
+            error_log('[CERT::generate] FATAL: GradeBookCertificateRepository is NULL');
+            return false;
+        }
+
         $categoryId = 0;
+        $category   = null;
         $isCertificateAvailableInCategory = false;
-        $category = null;
+
+        // If the certificate is linked to a Gradebook category, check availability
         if (isset($this->certificate_data['cat_id'])) {
             $categoryId = (int) $this->certificate_data['cat_id'];
+
+            // Category::load() returns an array
             $myCategory = Category::load($categoryId);
-            $repo = Container::getGradeBookCategoryRepository();
-            /** @var GradebookCategory $category */
-            $category = $repo->find($categoryId);
-            $isCertificateAvailableInCategory = !empty($categoryId) && $myCategory[0]->is_certificate_available($this->user_id);
+
+            try {
+                $repo = Container::getGradeBookCategoryRepository();
+                /** @var GradebookCategory|null $category */
+                $category = $repo ? $repo->find($categoryId) : null;
+            } catch (\Throwable $e) {
+                error_log('[CERT::generate] category repo fetch failed: '.$e->getMessage());
+                $category = null;
+            }
+
+            if (!empty($categoryId) && !empty($myCategory) && isset($myCategory[0])) {
+                $isCertificateAvailableInCategory = $myCategory[0]->is_certificate_available($this->user_id);
+            }
         }
-        $container = Container::getResourceNodeRepository();
-        $filesystem = $container->getFileSystem();
 
+        // Path A: course/session-bound certificate (category context)
         if ($isCertificateAvailableInCategory && null !== $category) {
-            $courseInfo = api_get_course_info($category->getCourse()->getCode());
-            $courseId = $courseInfo['real_id'];
-            $sessionId = $category->getSession() ? $category->getSession()->getId() : 0;
+            // Course/session info
+            $course     = $category->getCourse();
+            $courseInfo = api_get_course_info($course->getCode());
+            $courseId   = $courseInfo['real_id'];
+            $sessionId  = $category->getSession() ? (int) $category->getSession()->getId() : 0;
+
+            try {
+                $skill = new SkillModel();
+                $skill->addSkillToUser(
+                    $this->user_id,
+                    $category,
+                    $courseId,
+                    $sessionId
+                );
+            } catch (\Throwable $e) {
+                error_log('[CERT::generate] addSkillToUser failed: '.$e->getMessage());
+            }
 
-            $skill = new SkillModel();
-            $skill->addSkillToUser(
+            $categoryHasDefaultTemplate = false;
+            $documentIdForLog = null;
+            try {
+                $doc = $category->getDocument();
+                if ($doc !== null) {
+                    $categoryHasDefaultTemplate = true;
+                    try {
+                        $documentIdForLog = method_exists($doc, 'getId') ? $doc->getId() : null;
+                    } catch (\Throwable $ignored) {
+                        $documentIdForLog = null;
+                    }
+                }
+            } catch (\Throwable $e) {
+                error_log('[CERT::generate] getDocument() failed (no default template): '.$e->getMessage());
+                $categoryHasDefaultTemplate = false;
+            }
+
+            $gb = GradebookUtils::get_user_certificate_content(
                 $this->user_id,
-                $category,
-                $courseId,
-                $sessionId
+                $course->getId(),
+                $sessionId,
+                false,
+                $params['hide_print_button']
             );
 
-            if (!empty($this->certificate_data)) {
-                $newContentHtml = GradebookUtils::get_user_certificate_content(
-                    $this->user_id,
-                    $category->getCourse()->getId(),
-                    $category->getSession() ? $category->getSession()->getId() : 0,
-                    false,
-                    $params['hide_print_button']
-                );
+            $score = 100.0;
+            if (is_array($gb) && isset($gb['score'])) {
+                $score = (float)$gb['score'];
+            }
 
-                if ($category->getId() == $categoryId) {
-                    $myPathCertificate = $this->certificate_data['path_certificate'] ?? '';
-
-                    if ($filesystem->fileExists($myPathCertificate) &&
-                        !$this->force_certificate_generation
-                    ) {
-                        // Seems that the file was already generated
-                        return true;
-                    } else {
-                        // Creating new name
-                        $name = hash('sha256', $this->user_id . $categoryId);
-                        $fileName = $name . '.html';
-                        $gradebookCertificateRepo = Container::getGradeBookCertificateRepository();
-                        $personalFile = $gradebookCertificateRepo->generateCertificatePersonalFile($this->user_id, $fileName, $newContentHtml['content']);
-
-                        if (null !== $personalFile) {
-                            $result = true;
-                            // Updating the path
-                            $this->updateUserCertificateInfo(
-                                $this->certificate_data['cat_id'],
-                                $this->user_id,
-                                $fileName
-                            );
-                            $this->certification_user_path = $fileName;
-                            $this->certificate_data['path_certificate'] = $fileName;
-
-                            if ($this->isHtmlFileGenerated()) {
-                                if ($sendNotification) {
-                                    $subject = get_lang('Certificate notification');
-                                    $message = nl2br(get_lang('((user_first_name)),'));
-                                    $score = $this->certificate_data['score_certificate'];
-                                    self::sendNotification(
-                                        $subject,
-                                        $message,
-                                        api_get_user_info($this->user_id),
-                                        $courseInfo,
-                                        [
-                                            'score_certificate' => $score,
-                                        ]
-                                    );
-                                }
-                            }
-                        }
+            $html   = '';
+            $source = '';
 
-                        return $result;
-                    }
+            if ($categoryHasDefaultTemplate) {
+                if (is_array($gb) && !empty($gb['content'])) {
+                    $html   = (string)$gb['content'];
+                    $source = 'DEFAULT_TEMPLATE';
+                } elseif (is_string($gb) && $gb !== '') {
+                    $html   = $gb;
+                    $source = 'DEFAULT_TEMPLATE';
                 }
+            } else {
+                error_log(sprintf(
+                    '[CERT::generate] course DEFAULT template NOT found. cat=%d user=%d -> fallback to CUSTOM',
+                    (int)$categoryId,
+                    (int)$this->user_id
+                ));
             }
-        } else {
-            $name = hash('sha256', $this->user_id . $categoryId);
-            $fileName = $name . '.html';
-            $certificateContent = $this->generateCustomCertificate($fileName);
 
-            $gradebookCertificateRepo = Container::getGradeBookCertificateRepository();
-            $personalFile = $gradebookCertificateRepo->generateCertificatePersonalFile($this->user_id, $fileName, $certificateContent);
+            if ($html === '') {
+                $html   = $this->generateCustomCertificate('');
+                $source = 'CUSTOM_TEMPLATE_FALLBACK';
+            }
 
-            if ($personalFile !== null) {
-                $personalRepo = Container::getPersonalFileRepository();
-                $this->certificate_data['file_content'] = $personalRepo->getResourceFileContent($personalFile);
-                $this->certificate_data['path_certificate'] = $fileName;
+            if ($html === '') {
+                error_log(sprintf(
+                    '[CERT::generate] Empty HTML on category path. cat=%d user=%d',
+                    (int)$categoryId,
+                    (int)$this->user_id
+                ));
+                return false;
             }
 
-            return true;
+            try {
+                // Persist as Resource and register legacy info (no PersonalFile)
+                $entity = $certRepo->upsertCertificateResource($categoryId, $this->user_id, $score, $html);
+                $certRepo->registerUserInfoAboutCertificate($categoryId, $this->user_id, $score);
+
+                // Ensure PDF flow has the HTML in memory
+                $this->certificate_data['file_content']     = $html;
+                $this->certificate_data['path_certificate'] = '';
+
+                // Send notification if required (we have course context here)
+                if ($sendNotification) {
+                    $subject = get_lang('Certificate notification');
+                    $message = nl2br(get_lang('((user_first_name)),'));
+                    $htmlUrl = '';
+                    try {
+                        $htmlUrl = $certRepo->getResourceFileUrl($entity);
+                    } catch (\Throwable $e) {
+                        error_log('[CERT::generate] getResourceFileUrl failed for notification: '.$e->getMessage());
+                    }
+
+                    self::sendNotification(
+                        $subject,
+                        $message,
+                        api_get_user_info($this->user_id),
+                        $courseInfo,
+                        [
+                            'score_certificate' => $score,
+                            'html_url'          => $htmlUrl,
+                        ]
+                    );
+                }
+
+                return true;
+            } catch (\Throwable $e) {
+                error_log(sprintf(
+                    '[CERT::generate] Upsert FAILED (course). cat=%d user=%d err=%s',
+                    (int)$categoryId,
+                    (int)$this->user_id,
+                    $e->getMessage()
+                ));
+                return false;
+            }
         }
 
-        return false;
+        // Path B: general (portal-wide) certificate
+        try {
+            $html  = $this->generateCustomCertificate('');
+            $score = 100.0;
+
+            if ($html === '') {
+                error_log(sprintf(
+                    '[CERT::generate] Empty HTML on general path. user=%d',
+                    (int)$this->user_id
+                ));
+                return false;
+            }
+
+            $entity = $certRepo->upsertCertificateResource(0, $this->user_id, $score, $html);
+            $certRepo->registerUserInfoAboutCertificate(0, $this->user_id, $score);
+
+            $this->certificate_data['file_content']     = $html;
+            $this->certificate_data['path_certificate'] = ''; // resource
+
+            return true;
+        } catch (\Throwable $e) {
+            error_log(sprintf(
+                '[CERT::generate] Upsert FAILED (general). user=%d err=%s',
+                (int)$this->user_id,
+                $e->getMessage()
+            ));
+            return false;
+        }
     }
 
     /**
@@ -301,7 +494,11 @@ public static function sendNotification(
 
         $currentUserInfo = api_get_user_info();
         $url = '';
-        if (!empty($certificateInfo['path_certificate'])) {
+
+        // Prefer resource URL if present
+        if (!empty($certificateInfo['html_url'])) {
+            $url = $certificateInfo['html_url'];
+        } elseif (!empty($certificateInfo['path_certificate'])) {
             $hash = pathinfo($certificateInfo['path_certificate'], PATHINFO_FILENAME);
             $url = api_get_path(WEB_PATH) . 'certificates/' . $hash . '.html';
         }
@@ -347,25 +544,17 @@ public function updateUserCertificateInfo(
         $path_certificate,
         $updateCertificateData = true
     ) {
-        $categoryId = (int) $categoryId;
-        $user_id = (int) $user_id;
-
-        $categoryCondition = 'cat_id = "'.$categoryId.'"';
-        if ($categoryId == 0) {
-            $categoryCondition = 'cat_id IS NULL';
+        if (!$updateCertificateData) {
+            return;
         }
+        $certRepo = Container::getGradeBookCertificateRepository();
 
-        if ($updateCertificateData &&
-            !UserManager::is_user_certified($categoryId, $user_id)
-        ) {
-            $table = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
-            $now = api_get_utc_datetime();
-            $sql = 'UPDATE '.$table.' SET
-                        path_certificate="'.Database::escape_string($path_certificate).'",
-                        created_at = "'.$now.'"
-                    WHERE '.$categoryCondition.' AND user_id="'.$user_id.'" ';
-            Database::query($sql);
-        }
+        $certRepo->registerUserInfoAboutCertificate(
+            (int)$categoryId,
+            (int)$user_id,
+            (float)($this->certificate_data['score_certificate'] ?? 100.0),
+            (string)$path_certificate
+        );
     }
 
     /**
@@ -522,17 +711,22 @@ public function isVisible()
      */
     public function isAvailable()
     {
-        if (empty($this->certificate_data['path_certificate'])) {
-            return false;
-        }
+        $certRepo = Container::getGradeBookCertificateRepository();
+
+        $categoryId = isset($this->certificate_data['cat_id']) ? (int) $this->certificate_data['cat_id'] : 0;
+
+        try {
+            $entity = $certRepo->getCertificateByUserId(0 === $categoryId ? null : $categoryId, $this->user_id);
+            if (!$entity || !$entity->hasResourceNode()) {
+                return false;
+            }
 
-        $container = Container::getResourceNodeRepository();
-        $filesystem = $container->getFileSystem();
-        if (!$filesystem->fileExists($this->certificate_data['path_certificate'])) {
+            $node = $entity->getResourceNode();
+            return $node->hasResourceFile() && $node->getResourceFiles()->count() > 0;
+        } catch (\Throwable $e) {
+            error_log('[CERTIFICATE::isAvailable] check error: '.$e->getMessage());
             return false;
         }
-
-        return true;
     }
 
     /**
@@ -540,20 +734,21 @@ public function isAvailable()
      */
     public function show()
     {
-        $container = Container::getResourceNodeRepository();
-        $filesystem = $container->getFileSystem();
-        if ($filesystem->fileExists($this->certificate_data['path_certificate'])) {
-            // Needed in order to browsers don't add custom CSS
-            $certificateContent = '<!DOCTYPE html>';
-            $certificateContent .= $filesystem->read($this->certificate_data['path_certificate']);
+        $certRepo = Container::getGradeBookCertificateRepository();
+        $categoryId = isset($this->certificate_data['cat_id']) ? (int) $this->certificate_data['cat_id'] : 0;
 
-            // Remove media=screen to be available when printing a document
-            $certificateContent = str_replace(
-                ' media="screen"',
-                '',
-                $certificateContent
-            );
+        try {
+            $entity = $certRepo->getCertificateByUserId(0 === $categoryId ? null : $categoryId, $this->user_id);
+            if (!$entity || !$entity->hasResourceNode()) {
+                api_not_allowed(true);
+            }
+
+            // Read HTML content from the Resource layer
+            $certificateContent = '<!DOCTYPE html>';
+            $certificateContent .= $certRepo->getResourceFileContent($entity);
+            $certificateContent = str_replace(' media="screen"', '', $certificateContent);
 
+            // Track “downloaded_at” (legacy extra fields)
             if ($this->user_id == api_get_user_id() &&
                 !empty($this->certificate_data) &&
                 isset($this->certificate_data['id'])
@@ -575,10 +770,11 @@ public function show()
 
             header('Content-Type: text/html; charset='.api_get_system_encoding());
             echo $certificateContent;
-
             return;
+        } catch (\Throwable $e) {
+            error_log('[CERTIFICATE::show] read error: '.$e->getMessage());
+            api_not_allowed(true);
         }
-        api_not_allowed(true);
     }
 
     /**
@@ -756,6 +952,20 @@ public function generatePdfFromCustomCertificate(): void
         $page_format = 'landscape' == $params['orientation'] ? 'A4-L' : 'A4';
         $pdf = new PDF($page_format, $params['orientation'], $params);
 
+        // Safety: ensure HTML content is present; fetch from Resource if needed.
+        if (empty($this->certificate_data['file_content'])) {
+            try {
+                $certRepo   = Container::getGradeBookCertificateRepository();
+                $categoryId = isset($this->certificate_data['cat_id']) ? (int) $this->certificate_data['cat_id'] : 0;
+                $entity     = $certRepo->getCertificateByUserId(0 === $categoryId ? null : $categoryId, $this->user_id);
+                if ($entity && $entity->hasResourceNode()) {
+                    $this->certificate_data['file_content'] = $certRepo->getResourceFileContent($entity);
+                }
+            } catch (\Throwable $e) {
+                error_log('[CERT::generatePdfFromCustomCertificate] fallback read error: '.$e->getMessage());
+            }
+        }
+
         $pdf->content_to_pdf(
             $this->certificate_data['file_content'],
             null,
diff --git a/public/main/lp/lp_final_item.php b/public/main/lp/lp_final_item.php
index e97b9985867..b10186963d1 100644
--- a/public/main/lp/lp_final_item.php
+++ b/public/main/lp/lp_final_item.php
@@ -140,25 +140,32 @@ function safeGenerateCertificateForCategory(GradebookCategory $category, int $us
     $sessId   = $session ? $session->getId() : 0;
     $catId    = (int) $category->getId();
 
-    $gb   = GradebookUtils::get_user_certificate_content($userId, $courseId, $sessId);
-    $html = (is_array($gb) && isset($gb['content'])) ? $gb['content'] : '';
+    // Build certificate content & score
+    $gb    = GradebookUtils::get_user_certificate_content($userId, $courseId, $sessId);
+    $html  = (is_array($gb) && isset($gb['content'])) ? $gb['content'] : '';
     $score = isset($gb['score']) ? (float) $gb['score'] : 100.0;
-    $fileName = ltrim(hash('sha256', $userId.$catId).'.html', '/');
 
     $certRepo = Container::getGradeBookCertificateRepository();
-    $pf = $certRepo->generateCertificatePersonalFile($userId, $fileName, $html);
+
+    $htmlUrl = '';
+    $pdfUrl  = '';
+
     try {
-        $certRepo->registerUserInfoAboutCertificate($catId, $userId, $score, $fileName);
+        // Store/refresh as Resource (controlled access; not shown in "My personal files")
+        $cert = $certRepo->upsertCertificateResource($catId, $userId, $score, $html);
+
+        // (Optional) keep metadata (created_at/score). Filename is not required anymore.
+        $certRepo->registerUserInfoAboutCertificate($catId, $userId, $score);
+
+        // Build URLs from the Resource layer
+        // View URL (first resource file assigned to the node – here the HTML we just uploaded)
+        $htmlUrl = $certRepo->getResourceFileUrl($cert);
     } catch (\Throwable $e) {
         error_log('[LP_FINAL] register cert error: '.$e->getMessage());
     }
 
-    $hash    = pathinfo($fileName, PATHINFO_FILENAME);
-    $htmlUrl = api_get_path(WEB_PATH).'certificates/'.$hash.'.html';
-    $pdfUrl  = api_get_path(WEB_PATH).'certificates/'.$hash.'.pdf';
-
     return [
-        'path_certificate' => $fileName,
+        'path_certificate' => (string) ($cert->getPathCertificate() ?? ''),
         'html_url'         => $htmlUrl,
         'pdf_url'          => $pdfUrl,
     ];
diff --git a/src/CoreBundle/Controller/CertificateController.php b/src/CoreBundle/Controller/CertificateController.php
index f53bf9fbd74..95c6d495672 100644
--- a/src/CoreBundle/Controller/CertificateController.php
+++ b/src/CoreBundle/Controller/CertificateController.php
@@ -6,9 +6,11 @@
 
 namespace Chamilo\CoreBundle\Controller;
 
+use Chamilo\CoreBundle\Entity\GradebookCertificate;
 use Chamilo\CoreBundle\Framework\Container;
 use Chamilo\CoreBundle\Helpers\UserHelper;
 use Chamilo\CoreBundle\Repository\GradebookCertificateRepository;
+use Chamilo\CoreBundle\Repository\ResourceNodeRepository;
 use Chamilo\CoreBundle\Settings\SettingsManager;
 use Mpdf\Mpdf;
 use Mpdf\MpdfException;
@@ -26,145 +28,228 @@ class CertificateController extends AbstractController
     public function __construct(
         private readonly GradebookCertificateRepository $certificateRepository,
         private readonly SettingsManager $settingsManager,
-        private readonly UserHelper $userHelper
+        private readonly UserHelper $userHelper,
+        private readonly ResourceNodeRepository $resourceNodeRepository,
     ) {}
 
     #[Route('/{hash}.html', name: 'chamilo_certificate_public_view', methods: ['GET'])]
     public function view(string $hash): Response
     {
-        // Build the expected certificate filename from the hash
-        $filename = $hash.'.html';
-        $candidates = [$filename, '/'.$filename, $hash, '/'.$hash];
+        // Resolve certificate row (keeps legacy path logic working)
+        [$certificate] = $this->resolveCertificateByHash($hash);
 
-        $certificate = null;
-        $matchedPath = '';
-        foreach ($candidates as $cand) {
-            $row = $this->certificateRepository->findOneBy(['pathCertificate' => $cand]);
-            if ($row) {
-                $certificate = $row;
-                $matchedPath = $cand;
+        // Permission checks
+        $this->assertCertificateAccess($certificate);
 
-                break;
-            }
-        }
-        if (!$certificate) {
-            throw new NotFoundHttpException('The requested certificate does not exist.');
-        }
+        // Read HTML from resource storage (new) or personal-file (legacy)
+        $html = $this->readCertificateHtml($certificate, $hash);
+        $html = str_replace(' media="screen"', '', $html);
 
-        // Check if public access is globally allowed and certificate is marked as published
-        $allowPublic = 'true' === $this->settingsManager->getSetting('certificate.allow_public_certificates', true);
-        $allowSessionAdmin = 'true' === $this->settingsManager->getSetting('certificate.session_admin_can_download_all_certificates', true);
-        $user = $this->userHelper->getCurrent();
-        $securityUser = $this->getUser();
-        $isOwner = $securityUser && method_exists($securityUser, 'getId') && $user->getId() === $securityUser->getId();
-        $isPlatformAdmin = method_exists($user, 'isAdmin') && $user->isAdmin();
+        return new Response('<!DOCTYPE html>'.$html, 200, [
+            'Content-Type' => 'text/html; charset=UTF-8',
+        ]);
+    }
 
-        if (!$isOwner && !$isPlatformAdmin) {
-            $isPublic = ($allowPublic && $certificate->getPublish());
-            $isSessAdminAllowed = ($allowSessionAdmin && method_exists($user, 'isSessionAdmin') && $user->isSessionAdmin());
-            if (!$isPublic && !$isSessAdminAllowed) {
-                throw new AccessDeniedHttpException('The requested certificate is not public.');
-            }
-        }
+    #[Route('/{hash}.pdf', name: 'chamilo_certificate_public_pdf', methods: ['GET'])]
+    public function downloadPdf(string $hash): Response
+    {
+        // Resolve certificate row
+        [$certificate] = $this->resolveCertificateByHash($hash);
 
-        // Fetch the actual certificate file from personal files using its title
-        $personalFileRepo = Container::getPersonalFileRepository();
-        $pf = null;
-        $pfMatch = '';
-        foreach ($candidates as $cand) {
-            $row = $personalFileRepo->findOneBy(['title' => $cand]);
-            if ($row) {
-                $pf = $row;
-                $pfMatch = $cand;
+        // Permission checks
+        $this->assertCertificateAccess($certificate);
 
-                break;
-            }
-        }
-        if (!$pf) {
-            throw new NotFoundHttpException('The certificate file was not found.');
-        }
+        // Read HTML and render PDF
+        $html = $this->readCertificateHtml($certificate, $hash);
+        $html = str_replace(' media="screen"', '', $html);
 
-        $content = $personalFileRepo->getResourceFileContent($pf);
-        $content = str_replace(' media="screen"', '', $content);
+        try {
+            $mpdf = new Mpdf([
+                'format'  => 'A4',
+                'tempDir' => api_get_path(SYS_ARCHIVE_PATH).'mpdf/',
+            ]);
+            $mpdf->WriteHTML($html);
+            $pdfBinary = $mpdf->Output('', Destination::STRING_RETURN);
 
-        // Return the certificate as a raw HTML response
-        return new Response('<!DOCTYPE html>'.$content, 200, [
-            'Content-Type' => 'text/html; charset=UTF-8',
-        ]);
+            return new Response(
+                $pdfBinary,
+                200,
+                [
+                    'Content-Type'        => 'application/pdf',
+                    'Content-Disposition' => 'attachment; filename="certificate.pdf"',
+                ]
+            );
+        } catch (MpdfException $e) {
+            throw new RuntimeException('Failed to generate PDF: '.$e->getMessage(), 500, $e);
+        }
     }
 
-    #[Route('/{hash}.pdf', name: 'chamilo_certificate_public_pdf', methods: ['GET'])]
-    public function downloadPdf(string $hash): Response
+    /**
+     * Resolve the certificate row via path.
+     *
+     * @return array{0: GradebookCertificate, 1: string}
+     *
+     * @throws NotFoundHttpException
+     */
+    private function resolveCertificateByHash(string $hash): array
     {
-        $filename = $hash.'.html';
+        $filename   = $hash.'.html';
         $candidates = [$filename, '/'.$filename, $hash, '/'.$hash];
 
         $certificate = null;
         $matchedPath = '';
+
         foreach ($candidates as $cand) {
             $row = $this->certificateRepository->findOneBy(['pathCertificate' => $cand]);
             if ($row) {
                 $certificate = $row;
                 $matchedPath = $cand;
-
                 break;
             }
         }
-        if (!$certificate) {
-            throw $this->createNotFoundException('The requested certificate does not exist.');
+
+        if (!$certificate instanceof GradebookCertificate) {
+            throw new NotFoundHttpException('The requested certificate does not exist.');
         }
 
-        $allowPublic = 'true' === $this->settingsManager->getSetting('certificate.allow_public_certificates', true);
+        return [$certificate, $matchedPath];
+    }
+
+    /**
+     * Owner/admin OR (public+published) OR (session admin if allowed).
+     *
+     * @throws AccessDeniedHttpException
+     */
+    private function assertCertificateAccess(GradebookCertificate $certificate): void
+    {
+        $allowPublic       = 'true' === $this->settingsManager->getSetting('certificate.allow_public_certificates', true);
         $allowSessionAdmin = 'true' === $this->settingsManager->getSetting('certificate.session_admin_can_download_all_certificates', true);
-        $user = $this->userHelper->getCurrent();
+
+        $user         = $this->userHelper->getCurrent();
         $securityUser = $this->getUser();
-        $isOwner = $securityUser && method_exists($securityUser, 'getId') && $user->getId() === $securityUser->getId();
+
+        $isOwner         = $securityUser && method_exists($securityUser, 'getId') && $user->getId() === $securityUser->getId();
         $isPlatformAdmin = method_exists($user, 'isAdmin') && $user->isAdmin();
 
-        if (!$isOwner && !$isPlatformAdmin) {
-            $isPublic = ($allowPublic && $certificate->getPublish());
-            $isSessAdminAllowed = ($allowSessionAdmin && method_exists($user, 'isSessionAdmin') && $user->isSessionAdmin());
-            if (!$isPublic && !$isSessAdminAllowed) {
-                throw new AccessDeniedHttpException('The requested certificate is not public.');
+        if ($isOwner || $isPlatformAdmin) {
+            return;
+        }
+
+        $isPublic           = ($allowPublic && $certificate->getPublish());
+        $isSessAdminAllowed = ($allowSessionAdmin && method_exists($user, 'isSessionAdmin') && $user->isSessionAdmin());
+
+        if (!$isPublic && !$isSessAdminAllowed) {
+            throw new AccessDeniedHttpException('The requested certificate is not public.');
+        }
+    }
+
+    /**
+     * Returns certificate HTML from resource-node (new flow) or personal file (legacy).
+     *
+     * It tries multiple physical paths to accommodate different storage layouts:
+     *  1) node->getPath() + ResourceFile->title
+     *  2) node->getPath() + ResourceFile->original_name
+     *  3) sharded path "resource/<a>/<b>/<c>/<file>" using title
+     *  4) sharded path "resource/<a>/<b>/<c>/<file>" using original_name
+     *  5) final fallback: generic getResourceNodeFileContent()
+     *  6) legacy fallback: PersonalFile by title
+     *
+     * @throws NotFoundHttpException
+     */
+    private function readCertificateHtml(GradebookCertificate $certificate, string $hash): string
+    {
+        // Preferred flow: read from ResourceNode
+        if ($certificate->hasResourceNode()) {
+            $node = $certificate->getResourceNode();
+            $fs   = $this->resourceNodeRepository->getFileSystem();
+
+            if ($fs) {
+                $basePath = rtrim((string) $node->getPath(), '/');
+
+                // Helper to create sharded path: resource/7/4/3/<filename>
+                $sharded = static function (string $filename): string {
+                    $a = $filename[0] ?? '_';
+                    $b = $filename[1] ?? '_';
+                    $c = $filename[2] ?? '_';
+
+                    return sprintf('resource/%s/%s/%s/%s', $a, $b, $c, $filename);
+                };
+
+                // Try via ResourceFile->title first (this is usually the stored physical filename)
+                foreach ($node->getResourceFiles() as $rf) {
+                    $title = (string) $rf->getTitle();
+                    if ($title !== '') {
+                        if ($basePath !== '') {
+                            $p = $basePath.'/'.$title;
+                            if ($fs->fileExists($p)) {
+                                $content = $fs->read($p);
+                                if ($content !== false && $content !== null) {
+                                    return $content;
+                                }
+                            }
+                        }
+
+                        $p2 = $sharded($title);
+                        if ($fs->fileExists($p2)) {
+                            $content = $fs->read($p2);
+                            if ($content !== false && $content !== null) {
+                                return $content;
+                            }
+                        }
+                    }
+                }
+
+                // Try via ResourceFile->original_name
+                foreach ($node->getResourceFiles() as $rf) {
+                    $orig = (string) $rf->getOriginalName();
+                    if ($orig !== '') {
+                        if ($basePath !== '') {
+                            $p = $basePath.'/'.$orig;
+                            if ($fs->fileExists($p)) {
+                                $content = $fs->read($p);
+                                if ($content !== false && $content !== null) {
+                                    return $content;
+                                }
+                            }
+                        }
+
+                        $p2 = $sharded($orig);
+                        if ($fs->fileExists($p2)) {
+                            $content = $fs->read($p2);
+                            if ($content !== false && $content !== null) {
+                                return $content;
+                            }
+                        }
+                    }
+                }
+            }
+
+            // Final resource fallback (may still fail if no default file is set)
+            try {
+                return $this->resourceNodeRepository->getResourceNodeFileContent($node);
+            } catch (\Throwable $e) {
+                // Continue to legacy fallback
             }
         }
 
+        // Legacy flow: PersonalFile by title
+        $filename   = $hash.'.html';
+        $candidates = [$filename, '/'.$filename, $hash, '/'.$hash];
+
         $personalFileRepo = Container::getPersonalFileRepository();
         $pf = null;
-        $pfMatch = '';
         foreach ($candidates as $cand) {
             $row = $personalFileRepo->findOneBy(['title' => $cand]);
             if ($row) {
                 $pf = $row;
-                $pfMatch = $cand;
-
                 break;
             }
         }
+
         if (!$pf) {
-            throw $this->createNotFoundException('The certificate file was not found.');
+            throw new NotFoundHttpException('The certificate file was not found.');
         }
 
-        $html = $personalFileRepo->getResourceFileContent($pf);
-        $html = str_replace(' media="screen"', '', $html);
-
-        try {
-            $mpdf = new Mpdf([
-                'format' => 'A4',
-                'tempDir' => api_get_path(SYS_ARCHIVE_PATH).'mpdf/',
-            ]);
-            $mpdf->WriteHTML($html);
-
-            return new Response(
-                $mpdf->Output('certificate.pdf', Destination::DOWNLOAD),
-                200,
-                [
-                    'Content-Type' => 'application/pdf',
-                    'Content-Disposition' => 'attachment; filename="certificate.pdf"',
-                ]
-            );
-        } catch (MpdfException $e) {
-            throw new RuntimeException('Failed to generate PDF: '.$e->getMessage(), 500, $e);
-        }
+        return $personalFileRepo->getResourceFileContent($pf);
     }
 }
diff --git a/src/CoreBundle/Entity/GradebookCertificate.php b/src/CoreBundle/Entity/GradebookCertificate.php
index f5cf73554f8..9c3feef4d61 100644
--- a/src/CoreBundle/Entity/GradebookCertificate.php
+++ b/src/CoreBundle/Entity/GradebookCertificate.php
@@ -11,11 +11,12 @@
 use DateTime;
 use Doctrine\ORM\Mapping as ORM;
 use Gedmo\Mapping\Annotation as Gedmo;
+use Stringable;
 
 #[ORM\Table(name: 'gradebook_certificate')]
 #[ORM\Index(columns: ['user_id'], name: 'idx_gradebook_certificate_user_id')]
 #[ORM\Entity(repositoryClass: GradebookCertificateRepository::class)]
-class GradebookCertificate
+class GradebookCertificate extends AbstractResource implements ResourceInterface, Stringable
 {
     use UserTrait;
 
@@ -48,99 +49,101 @@ class GradebookCertificate
     #[ORM\Column(name: 'publish', type: 'boolean', options: ['default' => false])]
     protected bool $publish = false;
 
-    public function setScoreCertificate(float $scoreCertificate): self
+    public function __toString(): string
     {
-        $this->scoreCertificate = $scoreCertificate;
+        $user = isset($this->user) ? $this->user->getUsername() : 'user';
+        $when = isset($this->createdAt) ? $this->createdAt->format('Y-m-d H:i') : 'pending';
+        return "Certificate for {$user} ({$when})";
+    }
 
+    public function getResourceIdentifier(): int
+    {
+        return $this->getId();
+    }
+
+    public function getResourceName(): string
+    {
+        return (string) $this;
+    }
+
+    public function setResourceName(string $name)
+    {
         return $this;
     }
 
-    /**
-     * Get scoreCertificate.
-     *
-     * @return float
-     */
-    public function getScoreCertificate()
+    public function getId(): ?int
     {
-        return $this->scoreCertificate;
+        return $this->id;
     }
 
-    public function setCreatedAt(DateTime $createdAt): self
+    public function setCategory(?GradebookCategory $category): self
     {
-        $this->createdAt = $createdAt;
+        $this->category = $category;
 
         return $this;
     }
 
-    /**
-     * Get createdAt.
-     *
-     * @return DateTime
-     */
-    public function getCreatedAt()
+    public function getCategory(): ?GradebookCategory
     {
-        return $this->createdAt;
+        return $this->category;
     }
 
-    public function setPathCertificate(string $pathCertificate): self
+    public function setUser(User $user): self
     {
-        $this->pathCertificate = $pathCertificate;
+        $this->user = $user;
 
         return $this;
     }
 
-    /**
-     * Get pathCertificate.
-     *
-     * @return string
-     */
-    public function getPathCertificate()
+    public function getUser(): User
     {
-        return $this->pathCertificate;
+        return $this->user;
     }
 
-    /**
-     * Get id.
-     *
-     * @return int
-     */
-    public function getId()
+    public function setScoreCertificate(float $scoreCertificate): self
     {
-        return $this->id;
+        $this->scoreCertificate = $scoreCertificate;
+
+        return $this;
     }
 
-    public function getDownloadedAt(): DateTime
+    public function getScoreCertificate(): float
     {
-        return $this->downloadedAt;
+        return $this->scoreCertificate;
     }
 
-    public function setDownloadedAt(DateTime $downloadedAt): self
+    public function setCreatedAt(DateTime $createdAt): self
     {
-        $this->downloadedAt = $downloadedAt;
+        $this->createdAt = $createdAt;
 
         return $this;
     }
 
-    public function getCategory(): ?GradebookCategory
+    public function getCreatedAt(): DateTime
     {
-        return $this->category;
+        return $this->createdAt;
     }
 
-    public function setCategory(GradebookCategory $category): self
+    public function setPathCertificate(?string $pathCertificate): self
     {
-        $this->category = $category;
+        $this->pathCertificate = $pathCertificate;
 
         return $this;
     }
 
-    public function getUser(): User
+    public function getPathCertificate(): ?string
     {
-        return $this->user;
+        return $this->pathCertificate;
     }
 
-    public function setUser(User $user): self
+    public function getDownloadedAt(): ?DateTime
     {
-        $this->user = $user;
+        return $this->downloadedAt;
+    }
+
+    public function setDownloadedAt(?DateTime $downloadedAt): self
+    {
+        $this->downloadedAt = $downloadedAt;
 
         return $this;
     }
diff --git a/src/CoreBundle/Migrations/Schema/V200/Version20251020000400.php b/src/CoreBundle/Migrations/Schema/V200/Version20251020000400.php
new file mode 100644
index 00000000000..618213690e3
--- /dev/null
+++ b/src/CoreBundle/Migrations/Schema/V200/Version20251020000400.php
@@ -0,0 +1,66 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Migrations\Schema\V200;
+
+use Chamilo\CoreBundle\Migrations\AbstractMigrationChamilo;
+use Doctrine\DBAL\Schema\Schema;
+
+final class Version20251020000400 extends AbstractMigrationChamilo
+{
+    public function getDescription(): string
+    {
+        return 'Add resource_node_id, FK and UNIQUE index to gradebook_certificate';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->addSql('SET FOREIGN_KEY_CHECKS=0;');
+        $this->addSql('SET UNIQUE_CHECKS=0;');
+
+        if ($schema->hasTable('gradebook_certificate') && $schema->hasTable('resource_node')) {
+            $table = $schema->getTable('gradebook_certificate');
+
+            if (!$table->hasColumn('resource_node_id')) {
+                $this->addSql('ALTER TABLE gradebook_certificate ADD resource_node_id INT DEFAULT NULL;');
+            }
+
+            $this->addSql('ALTER TABLE gradebook_certificate ADD CONSTRAINT FK_650669D1BAD783F FOREIGN KEY (resource_node_id) REFERENCES resource_node (id) ON DELETE CASCADE;');
+
+            if (!$table->hasIndex('UNIQ_650669D1BAD783F')) {
+                $this->addSql('CREATE UNIQUE INDEX UNIQ_650669D1BAD783F ON gradebook_certificate (resource_node_id);');
+            }
+        } else {
+            error_log('Table gradebook_certificate or resource_node not found. Skipping changes.');
+        }
+
+        $this->addSql('SET UNIQUE_CHECKS=1;');
+        $this->addSql('SET FOREIGN_KEY_CHECKS=1;');
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql('SET FOREIGN_KEY_CHECKS=0;');
+        $this->addSql('SET UNIQUE_CHECKS=0;');
+
+        if ($schema->hasTable('gradebook_certificate')) {
+            $table = $schema->getTable('gradebook_certificate');
+
+            $this->addSql('ALTER TABLE gradebook_certificate DROP FOREIGN KEY FK_650669D1BAD783F;');
+
+            if ($table->hasIndex('UNIQ_650669D1BAD783F')) {
+                $this->addSql('DROP INDEX UNIQ_650669D1BAD783F ON gradebook_certificate;');
+            }
+
+            if ($table->hasColumn('resource_node_id')) {
+                $this->addSql('ALTER TABLE gradebook_certificate DROP COLUMN resource_node_id;');
+            }
+        }
+
+        $this->addSql('SET UNIQUE_CHECKS=1;');
+        $this->addSql('SET FOREIGN_KEY_CHECKS=1;');
+    }
+}
diff --git a/src/CoreBundle/Migrations/Schema/V200/Version20251020121000.php b/src/CoreBundle/Migrations/Schema/V200/Version20251020121000.php
new file mode 100644
index 00000000000..8eaa5b90e77
--- /dev/null
+++ b/src/CoreBundle/Migrations/Schema/V200/Version20251020121000.php
@@ -0,0 +1,271 @@
+<?php
+
+declare(strict_types=1);
+
+/* For licensing terms, see /license.txt */
+
+namespace Chamilo\CoreBundle\Migrations\Schema\V200;
+
+use Chamilo\CoreBundle\Entity\GradebookCertificate;
+use Chamilo\CoreBundle\Entity\PersonalFile;
+use Chamilo\CoreBundle\Entity\ResourceNode;
+use Chamilo\CoreBundle\Migrations\AbstractMigrationChamilo;
+use Chamilo\CoreBundle\Repository\GradebookCertificateRepository;
+use Chamilo\CoreBundle\Repository\Node\PersonalFileRepository;
+use Chamilo\CoreBundle\Repository\ResourceNodeRepository;
+use Doctrine\DBAL\Schema\Schema;
+
+final class Version20251020121000 extends AbstractMigrationChamilo
+{
+    private const DEBUG = true;
+
+    public function getDescription(): string
+    {
+        return 'Migrate gradebook certificates from PersonalFile into resource-based storage; delete PersonalFile only after a successful migration.';
+    }
+
+    public function up(Schema $schema): void
+    {
+        /** @var GradebookCertificateRepository $certRepo */
+        $certRepo = $this->container->get(GradebookCertificateRepository::class);
+        /** @var PersonalFileRepository $personalRepo */
+        $personalRepo = $this->container->get(PersonalFileRepository::class);
+        /** @var ResourceNodeRepository $rnRepo */
+        $rnRepo = $this->container->get(ResourceNodeRepository::class);
+
+        $em = $this->entityManager;
+
+        // missing resource node but having a legacy path.
+        $dql = 'SELECT gc
+                FROM Chamilo\CoreBundle\Entity\GradebookCertificate gc
+                WHERE gc.resourceNode IS NULL
+                  AND gc.pathCertificate IS NOT NULL
+                  AND gc.pathCertificate <> :empty
+                ORDER BY gc.id ASC';
+
+        $q = $em->createQuery($dql)->setParameter('empty', '');
+
+        $migrated = 0;
+        $skipped  = 0;
+        $errors   = 0;
+
+        foreach ($q->toIterable() as $gc) {
+            \assert($gc instanceof GradebookCertificate);
+
+            $user   = $gc->getUser();
+            $userId = (int) $user->getId();
+            $catId  = $gc->getCategory() ? (int) $gc->getCategory()->getId() : 0;
+            $score  = (float) $gc->getScoreCertificate();
+            $path   = (string) ($gc->getPathCertificate() ?? '');
+
+            // Find the legacy PersonalFile (robust title search + optional creator-scope search).
+            $pf = $this->findLegacyPersonalFile($personalRepo, $gc);
+            if (!$pf) {
+                $this->dbg(sprintf(
+                    '[skip] gc#%d user=%d cat=%d -> legacy PersonalFile not found for "%s"',
+                    (int) $gc->getId(), $userId, $catId, $path
+                ));
+                $skipped++;
+                continue;
+            }
+
+            // Read the legacy HTML (robust strategy).
+            $html = $this->readLegacyHtml($personalRepo, $rnRepo, $pf);
+            if (!is_string($html) || $html === '') {
+                $this->dbg(sprintf(
+                    '[error] gc#%d user=%d cat=%d -> failed to read legacy HTML content from PF (title="%s")',
+                    (int) $gc->getId(), $userId, $catId, (string) $pf->getTitle()
+                ));
+                $errors++;
+                continue;
+            }
+
+            try {
+                // Move to Resource (resource type "files")
+                $cert = $certRepo->upsertCertificateResource($catId, $userId, $score, $html, null);
+
+                // Remove legacy PF only after a successful migration
+                $em->remove($pf);
+                $em->flush();
+                $em->clear();
+
+                $migrated++;
+                $this->dbg(sprintf(
+                    '[ok] gc#%d user=%d cat=%d -> migrated to resource (cert id=%d) and removed PF "%s"',
+                    (int) $gc->getId(), $userId, $catId, (int) $cert->getId(), (string) $pf->getTitle()
+                ));
+            } catch (\Throwable $e) {
+                $this->dbg(sprintf(
+                    '[error] gc#%d user=%d cat=%d -> upsert failed: %s',
+                    (int) $gc->getId(), $userId, $catId, $e->getMessage()
+                ));
+                $errors++;
+                // Do not remove PF on failure
+            }
+        }
+
+        $summary = sprintf('Summary: migrated=%d skipped=%d errors=%d', $migrated, $skipped, $errors);
+        $this->write("\n".$summary."\n");
+        $this->dbg($summary);
+    }
+
+    /**
+     * Run outside a single big transaction so we can flush/clear per item.
+     */
+    public function isTransactional(): bool
+    {
+        return false;
+    }
+
+    /**
+     * Debug helper: send messages to PHP error_log only when DEBUG is enabled.
+     */
+    private function dbg(string $message): void
+    {
+        if (self::DEBUG) {
+            error_log('[CERT MIGRATION] '.$message);
+        }
+    }
+
+    /**
+     * Try to locate the PersonalFile using common title variants and (if available)
+     * a creator-scoped lookup to reduce ambiguity.
+     */
+    private function findLegacyPersonalFile(
+        PersonalFileRepository $personalRepo,
+        GradebookCertificate $gc
+    ): ?PersonalFile {
+        $title = (string) ($gc->getPathCertificate() ?? '');
+        if ($title === '') {
+            return null;
+        }
+
+        $variants = [$title];
+
+        // With and without a leading slash
+        if ($title[0] !== '/') {
+            $variants[] = '/'.$title;
+        }
+
+        // Also try by basename (in case a full path was stored)
+        $base = \basename($title);
+        if ($base !== $title) {
+            $variants[] = $base;
+        }
+
+        // Also try with/without ".html"
+        $noExt = preg_replace('/\.html$/i', '', $base);
+        if ($noExt && $noExt !== $base) {
+            $variants[] = $noExt;
+        } elseif ($base !== '' && stripos($base, '.html') === false) {
+            $variants[] = $base.'.html';
+        }
+
+        foreach (array_unique($variants) as $v) {
+            $found = $personalRepo->findOneBy(['title' => $v]);
+            if ($found instanceof PersonalFile) {
+                return $found;
+            }
+        }
+
+        // search by creator scope if the helper exists
+        $user = $gc->getUser();
+        if (\method_exists($personalRepo, 'getResourceByCreatorFromTitle')) {
+            try {
+                $candidate = $personalRepo->getResourceByCreatorFromTitle(
+                    $base !== '' ? $base : $title,
+                    $user,
+                    $user->getResourceNode()
+                );
+                if ($candidate instanceof PersonalFile) {
+                    return $candidate;
+                }
+            } catch (\Throwable $e) {
+                $this->dbg('Creator-scoped PF lookup failed: '.$e->getMessage());
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Read HTML from PersonalFile
+     */
+    private function readLegacyHtml(
+        PersonalFileRepository $personalRepo,
+        ResourceNodeRepository $rnRepo,
+        PersonalFile $pf
+    ): ?string {
+        // Repository helper
+        try {
+            $content = $personalRepo->getResourceFileContent($pf);
+            if (is_string($content) && $content !== '') {
+                return $content;
+            }
+        } catch (\Throwable $e) {
+            $this->dbg('[info] PF read via repository failed: '.$e->getMessage());
+        }
+
+        // FileSystem paths
+        try {
+            /** @var ResourceNode|null $node */
+            $node = $pf->getResourceNode();
+            if ($node) {
+                $fs = $rnRepo->getFileSystem();
+                if ($fs) {
+                    $basePath = rtrim((string) $node->getPath(), '/');
+
+                    $sharded = static function (string $filename): string {
+                        $a = $filename[0] ?? '_';
+                        $b = $filename[1] ?? '_';
+                        $c = $filename[2] ?? '_';
+                        return sprintf('resource/%s/%s/%s/%s', $a, $b, $c, $filename);
+                    };
+
+                    foreach ($node->getResourceFiles() as $rf) {
+                        $candidates = [];
+
+                        $t = (string) $rf->getTitle();
+                        $o = (string) $rf->getOriginalName();
+
+                        if ($t !== '') {
+                            if ($basePath !== '') {
+                                $candidates[] = $basePath.'/'.$t;
+                            }
+                            $candidates[] = $sharded($t);
+                        }
+                        if ($o !== '') {
+                            if ($basePath !== '') {
+                                $candidates[] = $basePath.'/'.$o;
+                            }
+                            $candidates[] = $sharded($o);
+                        }
+
+                        foreach ($candidates as $p) {
+                            if ($fs->fileExists($p)) {
+                                $data = $fs->read($p);
+                                if (is_string($data) && $data !== '') {
+                                    return $data;
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        } catch (\Throwable $e) {
+            $this->dbg('[info] PF read via filesystem failed: '.$e->getMessage());
+        }
+
+        // Final fallback: generic node default content (may still fail)
+        try {
+            $node = $pf->getResourceNode();
+            if ($node) {
+                return $rnRepo->getResourceNodeFileContent($node);
+            }
+        } catch (\Throwable $e) {
+            $this->dbg('[info] PF read via node fallback failed: '.$e->getMessage());
+        }
+
+        return null;
+    }
+}
diff --git a/src/CoreBundle/Repository/GradebookCertificateRepository.php b/src/CoreBundle/Repository/GradebookCertificateRepository.php
index c764d3cb36a..90a86bed28c 100644
--- a/src/CoreBundle/Repository/GradebookCertificateRepository.php
+++ b/src/CoreBundle/Repository/GradebookCertificateRepository.php
@@ -9,31 +9,34 @@
 use Chamilo\CoreBundle\Entity\GradebookCategory;
 use Chamilo\CoreBundle\Entity\GradebookCertificate;
 use Chamilo\CoreBundle\Entity\PersonalFile;
+use Chamilo\CoreBundle\Entity\ResourceNode;
+use Chamilo\CoreBundle\Entity\ResourceType;
 use Chamilo\CoreBundle\Entity\SessionRelCourseRelUser;
 use Chamilo\CoreBundle\Entity\SessionRelUser;
 use Chamilo\CoreBundle\Entity\User;
 use DateTime;
 use DateTimeImmutable;
-use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
 use Doctrine\ORM\AbstractQuery;
 use Doctrine\ORM\NonUniqueResultException;
 use Doctrine\Persistence\ManagerRegistry;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
 
-class GradebookCertificateRepository extends ServiceEntityRepository
+class GradebookCertificateRepository extends ResourceRepository
 {
     public function __construct(ManagerRegistry $registry)
     {
         parent::__construct($registry, GradebookCertificate::class);
     }
 
+    /**
+     * Fetch a certificate by (user, category). If $catId is 0 or null, searches the "general" certificate.
+     */
     public function getCertificateByUserId(?int $catId, int $userId, bool $asArray = false)
     {
         $qb = $this->createQueryBuilder('gc')
             ->where('gc.user = :userId')
             ->setParameter('userId', $userId)
-            ->setMaxResults(1)
-        ;
+            ->setMaxResults(1);
 
         if (0 === $catId) {
             $catId = null;
@@ -43,29 +46,25 @@ public function getCertificateByUserId(?int $catId, int $userId, bool $asArray =
             $qb->andWhere('gc.category IS NULL');
         } else {
             $qb->andWhere('gc.category = :catId')
-                ->setParameter('catId', $catId)
-            ;
+                ->setParameter('catId', $catId);
         }
 
         $qb->orderBy('gc.id', 'ASC');
-
         $query = $qb->getQuery();
 
-        if ($asArray) {
-            try {
-                return $query->getOneOrNullResult(AbstractQuery::HYDRATE_ARRAY);
-            } catch (NonUniqueResultException $e) {
-                return null;
-            }
-        } else {
-            try {
-                return $query->getOneOrNullResult();
-            } catch (NonUniqueResultException $e) {
-                return null;
-            }
+        try {
+            return $asArray
+                ? $query->getOneOrNullResult(AbstractQuery::HYDRATE_ARRAY)
+                : $query->getOneOrNullResult();
+        } catch (NonUniqueResultException $e) {
+            return null;
         }
     }
 
+    /**
+     * Backward-compatible metadata update.
+     * If you adopt the Resource flow, you may pass an empty $fileName; it will still update score/timestamps.
+     */
     public function registerUserInfoAboutCertificate(int $catId, int $userId, float $scoreCertificate, string $fileName = ''): void
     {
         $fileName = ltrim($fileName, '/');
@@ -81,7 +80,7 @@ public function registerUserInfoAboutCertificate(int $catId, int $userId, float
                 $certificate->setCategory($category);
             }
             $certificate->setUser($user);
-            $certificate->setPathCertificate($fileName);
+            $certificate->setPathCertificate($fileName ?: null);
             $certificate->setScoreCertificate($scoreCertificate);
             $certificate->setCreatedAt(new DateTime());
 
@@ -91,11 +90,175 @@ public function registerUserInfoAboutCertificate(int $catId, int $userId, float
             return;
         }
 
-        $existingCertificate->setPathCertificate($fileName);
+        if ($fileName) {
+            $existingCertificate->setPathCertificate($fileName);
+        }
         $existingCertificate->setScoreCertificate($scoreCertificate);
         $this->_em->flush();
     }
 
+    /**
+     * Helper: resolve the ResourceType 'files' from the Tool 'files' (personal space).
+     *
+     * @throws \RuntimeException if not found.
+     */
+    private function getPersonalFilesResourceType(): ResourceType
+    {
+        $em = $this->getEntityManager();
+
+        $qb = $em->createQueryBuilder()
+            ->select('rt')
+            ->from(ResourceType::class, 'rt')
+            ->join('rt.tool', 't')
+            ->where('rt.title = :rtTitle')
+            ->andWhere('t.title = :toolTitle')
+            ->setParameter('rtTitle', 'files')
+            ->setParameter('toolTitle', 'files')
+            ->setMaxResults(1);
+
+        $rt = $qb->getQuery()->getOneOrNullResult();
+        if ($rt instanceof ResourceType) {
+            return $rt;
+        }
+
+        $rt = $em->getRepository(ResourceType::class)->findOneBy(['title' => 'files']);
+        if (!$rt) {
+            throw new \RuntimeException("ResourceType 'files' not found.");
+        }
+
+        return $rt;
+    }
+
+    /**
+     * Create or update a certificate as a Resource using ResourceType 'files' (personal files tool).
+     * We avoid calling parent::createNodeForResource() to not depend on $this->slugify.
+     */
+    public function upsertCertificateResource(
+        int $catId,
+        int $userId,
+        float $scoreCertificate,
+        string $htmlContent,
+        ?string $pdfBinary = null
+    ): GradebookCertificate {
+        $em = $this->getEntityManager();
+
+        /** @var GradebookCertificate|null $cert */
+        $cert = $this->getCertificateByUserId(0 === $catId ? null : $catId, $userId);
+
+        /** @var User|null $user */
+        $user = $em->getRepository(User::class)->find($userId);
+        if (!$user) {
+            throw new \InvalidArgumentException("User {$userId} not found.");
+        }
+
+        /** @var GradebookCategory|null $category */
+        $category = 0 === $catId ? null : $em->getRepository(GradebookCategory::class)->find($catId);
+
+        if (!$cert) {
+            $cert = new GradebookCertificate();
+            if ($category) {
+                $cert->setCategory($category);
+            }
+            $cert->setUser($user);
+            $cert->setScoreCertificate($scoreCertificate);
+            $cert->setCreatedAt(new DateTime());
+            $em->persist($cert);
+            $em->flush();
+        } else {
+            $cert->setScoreCertificate($scoreCertificate);
+        }
+
+        // Deterministic filename for legacy parity (used historically to build URLs)
+        $logicalFileName = ltrim(hash('sha256', $userId . ($catId ?: 0)) . '.html', '/');
+
+        // Ensure resource node exists with ResourceType 'files', under the user's node
+        if (!$cert->hasResourceNode()) {
+            $filesRt    = $this->getPersonalFilesResourceType();
+            $parentNode = $user->getResourceNode();
+            $this->createNodeForCertificateWithoutSlugify($cert, $user, $parentNode, $filesRt, $logicalFileName);
+
+            // Link to the user (so it appears in their resources)
+            $cert->addUserLink($user);
+        } else {
+            // Keep the resource title coherent (not mandatory but nice to have)
+            $node = $cert->getResourceNode();
+            $node->setTitle($logicalFileName);
+            $em->persist($node);
+        }
+
+        // Update or create the HTML ResourceFile
+        $updated = $this->updateResourceFileContent($cert, $htmlContent);
+        if (!$updated) {
+            $this->addFileFromString($cert, $logicalFileName, 'text/html', $htmlContent, true);
+        }
+
+        // Optional PDF attachment
+        if (null !== $pdfBinary) {
+            $pdfName = preg_replace('/\.html$/i', '.pdf', $logicalFileName) ?: ($logicalFileName . '.pdf');
+            $this->addFileFromString($cert, $pdfName, 'application/pdf', $pdfBinary, true);
+        }
+
+        // Legacy pointer (not strictly required for the Resource flow)
+        $cert->setPathCertificate($logicalFileName);
+
+        $em->flush();
+
+        return $cert;
+    }
+
+    /**
+     * Create a ResourceNode avoiding the slugify service.
+     * Generates a basic slug locally and wires parent/creator/type relationships.
+     */
+    private function createNodeForCertificateWithoutSlugify(
+        GradebookCertificate $resource,
+        User $creator,
+        ResourceNode $parentNode,
+        ResourceType $resourceType,
+        string $titleForNode
+    ): void {
+        $em = $this->getEntityManager();
+
+        $slug = $this->basicSlug($titleForNode);
+
+        $node = new ResourceNode();
+        $node
+            ->setTitle($titleForNode)
+            ->setSlug($slug)
+            ->setResourceType($resourceType)
+            ->setCreator($creator)
+        ;
+
+        // Parent-child relationship
+        $parentNode?->addChild($node);
+
+        // Wire resource <-> node
+        $resource->setResourceNode($node);
+
+        // Persist
+        $em->persist($node);
+        $em->persist($resource);
+    }
+
+    /**
+     * Very small local slugger (ASCII-only fallback).
+     */
+    private function basicSlug(string $text): string
+    {
+        $text = \iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $text);
+        $text = \preg_replace('~[^\\pL\\d]+~u', '-', $text ?? '');
+        $text = \trim((string) $text, '-');
+        $text = \preg_replace('~[^-a-z0-9]+~i', '', $text);
+        $text = \strtolower($text);
+        return $text ?: 'resource';
+    }
+
+    /**
+     * LEGACY (kept for backward-compatibility):
+     * Creates a PersonalFile under the user's personal files (old behavior).
+     *
+     * @deprecated Prefer upsertCertificateResource().
+     */
     public function generateCertificatePersonalFile(int $userId, string $fileName, string $certificateContent): ?PersonalFile
     {
         $em = $this->getEntityManager();
@@ -121,7 +284,7 @@ public function generateCertificatePersonalFile(int $userId, string $fileName, s
             $em->persist($personalFile);
             $em->flush();
 
-            unlink($tempFilePath);
+            @unlink($tempFilePath);
 
             return $personalFile;
         }
@@ -129,31 +292,45 @@ public function generateCertificatePersonalFile(int $userId, string $fileName, s
         return $existingFile;
     }
 
+    /**
+     * Delete the certificate and its associated files.
+     * - New mode (resource): hardDelete() removes node + files + links.
+     * - Legacy mode (personal file): remove PersonalFile and then the row.
+     */
     public function deleteCertificateAndRelatedFiles(int $userId, int $catId): bool
     {
         $em = $this->getEntityManager();
+        /** @var GradebookCertificate|null $certificate */
         $certificate = $this->getCertificateByUserId($catId, $userId);
 
         if (!$certificate) {
             return false;
         }
 
-        $title = basename(ltrim($certificate->getPathCertificate(), '/'));
+        // attached ResourceNode -> hard delete (cascades)
+        if ($certificate->hasResourceNode()) {
+            $this->hardDelete($certificate);
+            return true;
+        }
+
+        // delete PersonalFile created under user's personal files
+        $title = basename(ltrim((string) $certificate->getPathCertificate(), '/'));
         $personalFile = $em->getRepository(PersonalFile::class)->findOneBy(['title' => $title]);
 
-        if (!$personalFile) {
-            return false;
+        if ($personalFile) {
+            $em->remove($personalFile);
+            $em->flush();
         }
 
-        $em->remove($personalFile);
-        $em->flush();
-
         $em->remove($certificate);
         $em->flush();
 
         return true;
     }
 
+    /**
+     * List certificates with course/session/url context.
+     */
     public function findCertificatesWithContext(
         int $urlId,
         int $offset = 0,