SSL/TLS Certificate

1

I have a certificate that is expiring soon. I went ahead and renewed the certificate via email validation but now I am stuck with where to upload the certificate in AWS

asked 2 years ago249 views
4 Answers
0

Hi,

If the certificate is email-validated then it should reside inside AWS Certificate Manager and so you would be able to see it in the console or via the list-certificates API. In other words, the 'import' operation would not come into play here.

You are more than welcome of sharing more details about your use case and I would be happy to help further.

Thanks.

profile pictureAWS
answered 2 years ago
  • Hi, Thank you for your answer, I do have the certificate I validated via email showing up in my AWS certificate manager along with the one that is about to expire. I the one I recently regenerated says its ineligible to be renewed and I don't know what step to take to make it eligible before the 29th when my other one expires.

0

Hello. You may try to import your new cert to AWS Cert Manager (https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-api-cli.html).

answered 2 years ago
0

I haven't personally used AWS Certificate Manager before, however I recommend taking a look at the ACM documentation under Installing ACM Certificates. The documentation states that you must install the certs through the integrated AWS services you are using. See services integrated with ACM.

AWS
newrust
answered 2 years ago
0

Hi,

I am not 100% sure what you mean by the following:

"I the one I recently regenerated says its ineligible to be renewed and I don't know what step to take to make it eligible before the 29th when my other one expires."

If we are talking about how to make your email-validated certificate eligible for renewal you would need to satisfy two conditions:

  1. The certificate is associated with an AWS resource such as an ALB.
  2. You need to approve at least one validation email for every domain included in the domain scope of your certificate. Validation emails are sent by ACM automatically to the three contact addresses found in your WHOIS data and five common system addresses (i.e. admin@<yourdomainname>, administrator@<yourdomainname>, webmaster@<yourdomainname>, hostmaster@<yourdomainname>, postmaster@<yourdomainname>. These validation emails are sent automatically by ACM once on the 45th day prior to the certificate's expiration and they are only valid for 72 hours. If that time frame has passed you would need to call the resend-validation-email API for every domain and acknowledge them all within 72 hours.

If you are referring to another certificate altogether please share more details and I would be happy to help.

References:

profile pictureAWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions