1 Answer
- Newest
- Most votes
- Most comments
2
I was not able to delete it as well since the status is still "In use"
If you did this in the AWS Console a dialog would have popped up advising of which resource(s) still have the cert attached.
This may well include the load-balancer that the cert was originally attached to (even though it's expired it won't be automatically dissociated).
Check that only the new, active cert is associated with the load balancer.
Relevant content
- Accepted Answerasked 2 years ago
- Accepted Answerasked 2 years ago
- How do I get notified when the certificate associated to the Client VPN endpoint is about to expire?AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
In the ALB it had old ARN, I used the new ARN after I imported the new certificate into the ACM. In the ACM, it now has 2 certificates one is expired and the other is Active. I was not able to delete the expired one. And the browser still shows the expired certificate.
When you tried to delete the old cert in ACM, it would have popped up a message saying that the cert is still in use, and given you a list of resource(s) with which the cert is still associated.
You need to dissociate the old cert from these resource(s). The steps to dissociate a cert from a load balancer are here https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-certificates.html#remove-certificates
This will probbaly also solve the issue in your browser, as now there should only be the new cert associated with the load balancer.
Yes, it popped a message. Both old & new cert shows the same ALB resource in the ACM.
You need to remove the old cert from the ALB, see the link in my previous comment.