Remove ACM Certificate used for deleted VPN connection

0

Hello,

I have deleted a VPN connection which was established by using ACM private certificates, but I cannot delete the certificates used for this connection:

Command: aws acm delete-certificate --certificate-arn arn:aws:acm:eu-central-1:41xxxxxxxx39:certificate/7ef2226a-515b-4f90-aca7-72fefddb9a86

Output: An error occurred (ResourceInUseException) when calling the DeleteCertificate operation: Certificate...

In the documentation it is mentioned as follows:

"For certificate-based authentication, delete all Certificate Manager (ACM) private certificates used for the Amazon Web Services-side tunnel endpoints for the VPN connection before deleting the VPN connection."

" You cannot delete an ACM certificate that is being used by another Amazon Web Services service. To delete a certificate that is in use, the certificate association must first be removed."

So far I understand my mistake, but I am not able to remove this certificate association via WebUI or CLI.

The list certificates gives output as follows: "CertificateArn": "arn:aws:acm:eu-central-1:41xxxxxxxx39:certificate/7ef2226a-515b-4f90-aca7-72fefddb9a86", "DomainName": "vpn-0ea809fb052c8c149.endpoint-0"

Where DomainName is the certificate association, which I have to delete first (I guess) in order to delete the certificate, but I didn't find a way to do this.

Can you help me to sort this problem out?

Kind Regards

asked 2 years ago · 477 views
2 answers
0

If you look at your AWS console please navigate to VPC -> Virtual Private Network (VPN) -> Site-to-Site VPN Connections. The error message points to a connection with the ID vpn-0ea809fb052c8c149 which is still defined there.

If you can find it you have the possibility to select it and use different certificates via the menu entry Actions -> Modify Tunnel certificate. The certificate vpn-0ea809fb052c8c149.endpoint-0 indicates that it is the first tunnel in use.

Theoretically the certificate can also be assigned on a different service by mistake. Can you try to get the full error message? If you navigate to AWS Certificate Manager -> Certificates and select the certificate in question you will see the Associated Resources section, which will point you to the right direction.

If you can't find any VPN connections defined I would recommend to open a support ticket to have the case investigated.

EXPERT
answered 2 years ago
  • Hi Andreas,

    yes, there isn't any VPN connection defined, as I have deleted it. It is just ACM which is still claiming it is there. It was my mistake, because I deleted it and later I saw that certificates have to be deleted previously, which led to my current problem. The full error message is: An error occurred (ResourceInUseException) when calling the DeleteCertificate operation: Certificate arn:aws:acm:eu-central-1:411581576539:certificate/7ef2226a-515b-4f90-aca7-72fefddb9a86 in account 41xxxxxxxx39 is in use.

    The VPN connection has been deleted but still shows up in ACM as an associated resource.

    Thank you

0

Hi Ian,

I'm sorry but in this case I can only recommend you to open a support request. The service team will be able to remove this association and you can delete the certificate afterwards.

EXPERT
answered 2 years ago
