Unable to delete certificate - in use by an unknown account


I'm trying to change a certificate to use DNS instead of e-mail for verification, and it looks like you can't modify an existing certificate so I have created a new one.

This worked fine and now I am trying to delete the old certificate but I cannot as it says it's in use:

Certificate is in use

The certificate *.example.com (b1f0c003-3a03-41da-98e1-11de39b50cc2)is in use (associated with other AWS resources) and cannot be deleted. Disassociate the certificate from each resource in the list and try again.
Associated resources


Apparently this account ID belongs to Amazon and I have heard this can come from API Gateway, however I have nothing set up in API Gateway. Hunting around I did have an old CloudFormation template active from some experimentation with the Serverless Framework application, however after removing that template and giving it a few hours, I still cannot delete the certificate!

Is there any way I can find out what exactly is using the certificate so I can figure out how to remove it? Or is there any way I can just delete the certificate anyway and see what breaks?

Asked 5 years ago · 977 views

With a bit of help, I was finally able to work this one out.

It turns out that there's a limitation in the AWS web interface, and you can have some elements of API Gateway active but inaccessible via the web interface. I was told I needed to go to "Custom Domains" but all I could see was the "Getting Started" page.

In the end I had to resort to using the CLI, and blindly hunting around until I hit upon the region where the resources were.

aws --region us-east-1 apigateway get-domain-names
aws --region us-east-1 apigateway delete-domain-name --domain-name example.com

After a few hours this resulted in the AWS-owned CloudFront resources being released and I could at last remove the old certificate! Phew!

Answered 5 years ago
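The region-by-region search described in the answer above can be scripted. This is an added example, not part of the original post: it lists, per region, the API Gateway custom domain names that reference a given ACM certificate ARN, and it deletes nothing. The function names `domains_using_cert` and `scan_regions` and the ARN placeholder are illustrative assumptions.

```shell
#!/bin/sh
# Added example: find API Gateway custom domains that hold an ACM certificate.
# Read-only. Usage (placeholder ARN, substitute your own):
#   sh find-cert-domains.sh arn:aws:acm:us-east-1:<account-id>:certificate/<certificate-id> [region ...]

# Print "region<TAB>domain" for each custom domain in one region that uses the cert.
domains_using_cert() {
    cert_arn=$1
    region=$2
    # certificateArn is set on edge-optimized domains,
    # regionalCertificateArn on regional ones; match either.
    query="items[?certificateArn=='${cert_arn}' || regionalCertificateArn=='${cert_arn}'].domainName"
    names=$(aws --region "$region" apigateway get-domain-names \
                --query "$query" --output text) || {
        # Disabled region or missing permission: report it and keep scanning.
        echo "skipped $region (call failed)" >&2
        return 0
    }
    for name in $names; do
        # The CLI's text output renders a null result as "None".
        [ "$name" = "None" ] && continue
        printf '%s\t%s\n' "$region" "$name"
    done
}

# Check every region given after the ARN, or all regions enabled for the
# account when none are given (that lookup needs ec2:DescribeRegions).
scan_regions() {
    cert_arn=$1
    shift
    if [ $# -eq 0 ]; then
        set -- $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text)
    fi
    for region in "$@"; do
        domains_using_cert "$cert_arn" "$region"
    done
}

# Run only when a certificate ARN is passed on the command line.
if [ $# -ge 1 ]; then
    scan_regions "$@"
fi
```

Each line of output names a region and a custom domain to inspect with `get-domain-names` and, if it is no longer needed, remove with `delete-domain-name` as shown in the answer.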



