How can I roll back my recently renewed ACM certificate?

I renewed a certificate with AWS Certificate Manager (ACM), but now my application or website is down. I want to revert the certificate to the previous configuration.

Resolution

When you renew a certificate, ACM generates a new public-private key pair. To revert to the configuration before the renewal, you must contact AWS Support to request certificate rollback.

Important: Certificate rollback is a one-way operation. ACM can't revert a rollback, and the renewed certificate expires.

To roll back your certificate, open an AWS Support case. Include the following statement in the Description of your support case:

"I acknowledge the following effects of certificate rollback:

  • Certificate rollback is a one-way operation. ACM can't revert a rollback, and the certificate will expire.
  • To avoid expiration, I must request a new certificate from ACM.
  • The certificate is rolled back across all resources that currently use it.
  • I can't set up new resources to use the certificate after it's rolled back.
  • I can't pin certificates issued by Amazon Trust Services that are managed by ACM. To use pinning, I must import a certificate and manage renewals on my own.
  • All resources might not immediately reflect the certificate rollback. To expedite the update, I must engage ACM integrated partners, such as Elastic Load Balancing (ELB), Amazon CloudFront, or Amazon API Gateway."
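Because the rollback applies to every resource that currently uses the certificate, it helps to list those resources, grouped by service, before you open the case. The following is an added example, not part of the original AWS article: it summarizes the JSON output of `aws acm describe-certificate`, and the sample input, account ID, and resource IDs are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `aws acm describe-certificate` output.
# The account ID, region, and resource IDs are placeholders, not real values.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-CERT-ID",
        "DomainName": "www.example.com",
        "Type": "AMAZON_ISSUED",
        "RenewalSummary": {"RenewalStatus": "SUCCESS"},
        "InUseBy": [
            "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/example-alb/0123456789abcdef",
            "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID",
            "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/example-nlb/fedcba9876543210",
        ],
    }
})


def rollback_impact(describe_json: str) -> dict:
    """Summarize which resources a rollback of this certificate would touch."""
    cert = json.loads(describe_json)["Certificate"]
    by_service = defaultdict(list)
    for arn in cert.get("InUseBy", []):
        # ARN layout: arn:partition:service:region:account-id:resource
        parts = arn.split(":", 5)
        service = parts[2] if len(parts) == 6 and parts[0] == "arn" else "unknown"
        by_service[service].append(arn)
    return {
        "certificate_arn": cert["CertificateArn"],
        "type": cert.get("Type"),
        "renewal_status": cert.get("RenewalSummary", {}).get("RenewalStatus"),
        # Rollback applies to every ARN listed here, not to a chosen subset.
        "in_use_by": {svc: sorted(arns) for svc, arns in sorted(by_service.items())},
        "resource_count": sum(len(arns) for arns in by_service.values()),
    }


if __name__ == "__main__":
    print(json.dumps(rollback_impact(SAMPLE_DESCRIBE_OUTPUT), indent=2))
```

The service names in the result indicate which integrated service teams to engage if a resource keeps serving the renewed certificate after the rollback.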

Related information

Renewing publicly trusted certificates

AWS OFFICIAL | Updated 5 months ago