I renewed a certificate with AWS Certificate Manager (ACM), but now my application or website is down. I want to revert the certificate to the previous configuration.
Resolution
When you renew a certificate, ACM generates a new public-private key pair. To revert to the configuration before the renewal, you must contact AWS Support to request certificate rollback.
Important: Certificate rollback is a one-way operation. ACM can't revert a rollback, and the renewed certificate expires.
To roll back your certificate, open an AWS Support case. Include the following statement in the Description of your support case:
"I acknowledge the following effects of certificate rollback:
- Certificate rollback is a one-way operation. ACM can't revert a rollback, and the certificate will expire.
- To avoid expiration, I must request a new certificate from ACM.
- The certificate is rolled back across all resources that currently use it.
- I can't set up new resources to use the certificate after it's rolled back.
- I can't pin certificates issued by Amazon Trust Services that are managed by ACM. To use pinning, I must import a certificate and manage renewals on my own.
- All resources might not immediately reflect the certificate rollback. To expedite the update, I must engage ACM integrated partners, such as Elastic Load Balancing (ELB), Amazon CloudFront, or Amazon API Gateway."
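Because the rollback applies to every resource that currently uses the certificate, it helps to inventory those resources before you send the acknowledgement. The following is an added example, not part of the original article: it summarizes the JSON returned by `aws acm describe-certificate`, using a constructed sample response (AWS CLI v2 timestamp format assumed) and a hypothetical helper name, `rollback_impact`.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of `aws acm describe-certificate --output json`;
# account ID, certificate ID and resource names are placeholders.
SAMPLE = json.loads("""
{"Certificate": {
  "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID",
  "DomainName": "www.example.com",
  "Type": "AMAZON_ISSUED",
  "NotAfter": "2025-03-01T23:59:59+00:00",
  "InUseBy": [
    "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web/0123456789abcdef",
    "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDIST",
    "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/api/fedcba9876543210"
  ]}}
""")

def rollback_impact(response, now):
    """Summarize which resources a rollback of this certificate would touch."""
    cert = response["Certificate"]
    by_service = defaultdict(list)
    for arn in cert.get("InUseBy", []):
        # ARN layout: arn:partition:service:region:account:resource
        parts = arn.split(":", 5)
        service = parts[2] if len(parts) == 6 and parts[0] == "arn" else "unknown"
        by_service[service].append(arn)
    not_after = datetime.fromisoformat(cert["NotAfter"])
    return {
        "arn": cert["CertificateArn"],
        # AMAZON_ISSUED means ACM manages renewal; IMPORTED means you do.
        "acm_managed": cert.get("Type") == "AMAZON_ISSUED",
        # Validity of the certificate as ACM reports it at the time of the call.
        "days_left": (not_after - now).days,
        "resources": dict(by_service),
    }

if __name__ == "__main__":
    summary = rollback_impact(SAMPLE, datetime.now(timezone.utc))
    print(f"{summary['arn']} (ACM managed: {summary['acm_managed']})")
    for service, arns in sorted(summary["resources"].items()):
        print(f"  {service}: {len(arns)} resource(s)")
        for arn in arns:
            print(f"    {arn}")
```

To use it on a real certificate, replace `SAMPLE` with the parsed output of `aws acm describe-certificate --certificate-arn <your-certificate-arn> --output json`.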
Related information
Renewing publicly trusted certificates