Questions tagged with AWS Certificate Manager
Hi, I have a case where I would like to store third-party certificates in our AWS account. We **MUST NOT** have access to their private, only public keys. What would you recommend to store public key certificates, which belong to external clients, in AWS?
I'm writing an IoT Wireless Gateway provisioning script using Boto3 and cannot figure out how to create, download, and update `cups.key` and `cups.trust` files. I've managed to get the `cups.crt` file using [describe_certificate()](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iot.html#IoT.Client.describe_certificate) but I cannot figure out which Boto methods will get me the rest of the certs necessary to connect a gateway.
Hi, I'm new so bear with me. I tried to use AWS ACM with DNS verification! After making sure Route53 was actually set correctly, I can see my website via http://mydomain.com ... but ACM never validated! I thought I did something wrong, so I changed the DNS to park mode on the domain side, waited until I made sure the site check-host.net pointed to park mode, then redid Route53 and again waited until DNS propagated to AWS EC2, then resubmitted for ACM by DNS verification. Another day passed and it is still the same as before: it is stuck in Pending validation! So what now? Should I give up on AWS ACM and try other methods to set up SSL for my website?
Hello, thanks ahead of time for reading this! I have a domain I purchased (deepdungeonoverlay.com). I have an SSL certificate created for deepdungeonoverlay.com as well as www.deepdungeonoverlay.com and dev.deepdungeonoverlay.com. I have an EC2 instance with Apache installed and my very simple content uploaded to var/www/html. I have an elastic IP set up and configured to point to this EC2 instance. I have a CloudFront distribution currently configured for both deepdungeonoverlay.com and www.deepdungeonoverlay.com with the appropriate SSL certificate selected and pointed to the public ipv4 DNS. I have Route 53 Alias records set up for both deepdungeonoverlay.com and www.deepdungeonoverlay.com that point to the appropriate CloudFront distribution. Going to the root of deepdungeonoverlay.com or www.deepdungeonoverlay.com both properly resolve and my index.html file is displayed, and the SSL certificate is properly applied. However, if I try to visit deepdungeonoverlay.com/target info, which is a sub folder with its own index.html file in it, the connection becomes not secure, and the URL no longer displays deepdungeonoverlay.com but instead reads the public ipv4 DNS URL with /targetinfo after it. The html file displays correctly. My expected behavior is that all content served from my EC2 instance would be under the proper URL and have the SSL certificate applied. I have been trying to understand what is going on for two days. Countless web articles and YouTube videos on setting up EC2 websites with AWS SSL and Route 53 and I cannot see where I am going wrong or what setting I am missing. If it wasn't obvious, I am not a DevOps professional, so this has all been a learning process for me. Any and all help or recommendations appreciated! Thanks, Lokken
It currently points to a certificate from the ACM. I imported a new cert after renewal. Should I bounce the target servers after I associated the newly imported cert?
Hello! I cannot issue a certificate. I see an error "Additional verification required to request certificates for one or more domain names in this request" and a link to https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html#failed-additional-verification-required If you don't have a support plan, post a new thread in the ACM Discussion Forum.
To renew this certificate, you must ensure that the proper CNAME records are present in your DNS configuration for each domain listed below. You can find the CNAME records for your domains by expanding your certificate and its domain entries in the ACM console. You can also use the DescribeCertificate command in the ACM API or the describe-certificate operation in the ACM CLI to find a certificate’s CNAME records. For more information, see Automatic Domain Validation Failure in the ACM troubleshooting guide. We are using AWS managed ACS and I am not clear what action is to be taken from the above description. Please help.
I have an old certificate in ACM which was created through Terraform, and is in the "Issued" state. Unfortunately, now I cannot delete it because it is shown as "In use", even though it's not, at least not by me. I tried deleting the certificate manually from the ACM console, but the deletion page shows that it is in use by account 061510835048, which is one of AWS's internal accounts (see https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-api-with-vpclink-accounts.html). How can I unlink it? I have already tried deleting all my resources, but it seems something got stuck. I read that this can happen and normally it requires contacting the AWS customer service, but I don't have access to that. Can someone help? This is blocking me because I cannot destroy resources and get back to a clean slate.
I am searching for a solution for importing multiple certificates to ACM via the CLI. Could anyone advise?
To solve this problem, I logged into the domain you mentioned in the email, and moved to AWS Certificate Manager (ACM), and I want to resend the validation email. However, the option is unavailable. How do I solve this issue?
tl;dr: EKS, ingress, certificate is valid -> but services are not available. Hi, I have a few services running on EKS. Furthermore, I've made a setup with Ingress and everything works fine. Those few services are defined with one ingress but on different paths. Another thing that I've set up is an AWS public certificate that is valid. Using that I've set up DNS and pointed it to the ingress. Worker nodes for the cluster are spot instances that are currently available. The main problem that I'm having is that for the last three days, those services inside EKS suddenly become unavailable. I've checked my setup multiple times and everything works fine. Is there another thing that could cause those unavailability problems? When I try to access the API of the services with the correct domain name I get this: `DNS_PROBE_FINISHED_NXDOMAIN`. It stays like this for some time (approximately 30 minutes) and then it works again.
I have a wildcard certificate, which is associated with 3 load balancers. The use case was to add it to custom domains for API Gateway, but I decided to delete them and the certificate. And although I tried to remove all custom domains, the certificate is still shown as in use. These load balancers' ARNs do not match any of the custom domains that I have. What could be done to delete this certificate?