Can't Delete Certificate Due to Load Balancer Association

0

I have 1 unused certificate that the AWS console will not allow me to delete. I get an error that it is associated with resources associated with a deleted API Gateway. See message below. I already contacted AWS basic support and they directed me back to post here. Here is someone that experienced the same issue and was directed back to Support. It seems nobody can help with this. https://repost.aws/questions/QU63csgGNEQl2M--xCdy-oxw/cant-delete-certificate-because-there-are-dangling-load-balancer-resources

Please delete this certificate if able. The arn is below.

Certificate is in use
The certificate (e2cb6304-2481-4102-a299-01c2a6314819) is in use (associated with other AWS resources) and cannot be deleted. Dissociate the certificate from each resource in the list and try again.

Associated resources
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-678/e592024281bf27ef
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-696/64bd9edeaac06342
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-787/f026c77ee68b958c
3 Answers
2

You might have deployed your API Gateway using Custom Domain Name with a Regional endpoint type. Deploying a Regional API endpoint creates an Application Load Balancer by API Gateway.

To resolve, you can replace or delete that Custom Domain Name. Then, try to delete the ACM again.

More information can be found here: https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-resources/ https://www.youtube.com/watch?v=rYEVHGyAIsw&ab_channel=AmazonWebServices

If you've already done this and are still unable to delete the ACM, then try to raise another ticket to the support team to get the association removed for you, and reference the other post you mentioned.

joahna
answered 2 years ago
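
A way to check the situation this answer describes, as an added example that is not part of the original thread: it reads saved JSON output from `aws acm describe-certificate` and `aws apigateway get-domain-names`, lists the custom domain names that still reference the certificate, and splits the associated ARNs by whether they sit in the certificate owner's account. The function names are hypothetical, and the account IDs and ARNs in the sample data are constructed placeholders.

```python
import json

# Constructed sample data (placeholder account IDs and ARNs, not from the post).
CERT_ARN = "arn:aws:acm:us-east-1:111111111111:certificate/00000000-0000-0000-0000-000000000000"
SAMPLE_CERT = json.dumps({"Certificate": {"CertificateArn": CERT_ARN, "InUseBy": [
    "arn:aws:elasticloadbalancing:us-east-1:222222222222:loadbalancer/app/example-a/0123456789abcdef",
    "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/my-alb/fedcba9876543210"]}})
SAMPLE_DOMAINS = json.dumps({"items": [
    {"domainName": "api.example.com", "regionalCertificateArn": CERT_ARN,
     "endpointConfiguration": {"types": ["REGIONAL"]}},
    {"domainName": "other.example.com", "regionalCertificateArn": CERT_ARN + "-other"}]})


def arn_account(arn):
    """Return the account-ID field (fifth colon-separated part) of an ARN."""
    parts = arn.split(":", 5)
    if len(parts) < 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[4]


def triage(describe_cert_json, domain_names_json):
    """Summarise why a certificate is reported as in use."""
    cert = json.loads(describe_cert_json)["Certificate"]
    cert_arn = cert["CertificateArn"]
    owner = arn_account(cert_arn)
    in_use = cert.get("InUseBy", [])
    # Custom domain names (regional or edge-optimized) still pointing at this certificate.
    domains = [d["domainName"] for d in json.loads(domain_names_json).get("items", [])
               if cert_arn in (d.get("regionalCertificateArn"), d.get("certificateArn"))]
    return {
        "own_account": [a for a in in_use if arn_account(a) == owner],
        "other_account": [a for a in in_use if arn_account(a) != owner],
        "custom_domains": domains,
    }


def needs_support(result):
    """True when other-account resources hold the certificate but no custom
    domain name references it, the case the answer says to escalate."""
    return bool(result["other_account"]) and not result["custom_domains"]


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_CERT, SAMPLE_DOMAINS), indent=2))
```

A non-empty `custom_domains` list means there is still a custom domain name to replace or delete before retrying the certificate deletion.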
0

Hey there,

I think what happened when you contacted Support was that the Customer Service agent saw that you have a support plan that grants access to the forums but not to Premium Support. Although they're correct to refer you back here in that case, this particular scenario does need intervention from a member of Premium Support.

Let's try this - reopen your case with CS and ask to be routed to Premium Support for the ACM service, and give them this link to see that a member of AWS has advised you on this (they can see my name and reach out to me internally if they so wish).

If you hit a brick wall with that (not that you will, but I'd rather have a backup plan), then drop your Case ID in as a response to this comment and I'll look into it for you.

AWS
answered 2 years ago
-1

You shouldn't post your account number in a public forum - it's not particularly private but it does increase the chances that someone with bad intentions might try and access your account.

That said: The message you're getting specifically calls out resources in a particular region. Not API Gateway but a load balancer - have you checked to see if the certificate was also attached there?

AWS
EXPERT
answered 2 years ago
