I am able to create a new certificate through ACM. It is DNS validated. But certificate is not yet in use.

Looking at the Brouwer messages - This root CA is not trusted . To enable Trust, instal this certificate in Trusted Root Certificate Authorities store

Does it require a private CA which is prohibitively expensive.

Please advise

  • Hello, could you please clarify what type application you're working on ? (Web application, etc...) and what is the ACM integration you're using ? (ELB, Cloudfront, API Gateway, etc...). Thanks.

Hi, ACM certificates can be used only within AWS listed services listed on this page:

For example, if you want to use this certificate for a website, you can publish your website via CloudFront or and Application Load Balancer, this means you offload https to these services. Your web server does not need to be public.

