How does the ACM managed renewal process work with email-validated certificates?

2 minute read
0

I have an email-validated certificate with AWS Certificate Manager (ACM). I want to understand how the managed renewal process works.

Short description

To validate domain ownership for an ACM certificate, you can use either DNS validation or email validation.

Important: In 2024, ACM will discontinue WHOIS lookup for email-validated certificates. It's a best practice to use DNS validation instead of email validation.

Resolution

Managed renewal eligibility

ACM manages the renewal for your Amazon issued SSL/TLS certificates. Email-validated certificates that are associated with AWS services integrated with ACM are eligible for renewal. ACM sends you an email notification when the certificate approaches renewal.

ACM doesn't provide managed renewal for imported certificates, expired certificates, or private certificates that AWS Private Certificate Authority issues with the IssueCertificate API call. ACM does provide managed renewal for private certificates that AWS Private CA issues from the ACM console.

Action required by domain owner

ACM certificates are valid for 13 months (395 days). ACM uses the domain's WHOIS mailbox addresses and up to five common administrator addresses to send renewal notices 45 days before expiration. To renew the certificate, you must use the link that's in the email notification. After all listed domains are validated, ACM issues a renewed certificate with the same ARN. 

To request that ACM resend you a domain validation email for your certificate renewal, see Resend validation email. If you didn't receive the validation email or you're experiencing issues, then see Troubleshoot email validation problems.

Related information

How does the ACM managed renewal process work with DNS-validated certificates?

Why can't I resend the validation email from ACM to renew a certificate?

How can I resend the validation email to verify my domain for ACM?

Why is my ACM certificate renewal status still "Pending validation" after I used the ACM managed renewal process for my domain name?

AWS OFFICIAL
AWS OFFICIALUpdated 2 months ago