I tried to reimport my certificate to AWS Certificate Manager (ACM), but I received the following error: "New certificate is missing one or more Extended Key Usages supported by the currently imported certificate".
Resolution
This error occurs because the values for the KeyUsage or ExtendedKeyUsage extensions in the new certificate don't match the values for these extensions in the original certificate.
Before you reimport a certificate, make sure that your certificate meets the following required conditions:
- You can add or remove domain names.
- You can't remove all the domain names from the certificate.
- If the original imported certificate uses KeyUsage or ExtendedKeyUsage extensions, then you can add new extension values, but you can't remove the existing values.
- You can't change the key type and size.
- You can't apply resource tags when you reimport a certificate.
For more information, see Reimporting a certificate.
To renew an imported certificate, request a new certificate from your certificate issuer. Make sure that you request the exact same KeyUsage and ExtendedKeyUsage values as the original certificate. Then, manually reimport the certificate into ACM.
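A pre-reimport check for the KeyUsage and ExtendedKeyUsage condition, added here as an example and not AWS code: it compares the text that `openssl x509 -noout -ext keyUsage,extendedKeyUsage` prints for the original and the new certificate and lists any values the new certificate dropped. The sample outputs and the function names are constructed for illustration.

```python
import re

# Constructed samples of the output of:
#   openssl x509 -in cert.pem -noout -ext keyUsage,extendedKeyUsage
ORIGINAL_TEXT = """\
X509v3 Key Usage: critical
    Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
    TLS Web Server Authentication, TLS Web Client Authentication
"""
NEW_TEXT = """\
X509v3 Key Usage: critical
    Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
    TLS Web Server Authentication
"""

HEADERS = {
    "X509v3 Key Usage": "KeyUsage",
    "X509v3 Extended Key Usage": "ExtendedKeyUsage",
}

def parse_usages(openssl_text):
    """Return {"KeyUsage": set, "ExtendedKeyUsage": set} from openssl text."""
    usages = {name: set() for name in HEADERS.values()}
    current = None
    for raw in openssl_text.splitlines():
        line = raw.strip()
        # Drop the trailing ":" and optional "critical" marker from headers.
        header = re.sub(r":\s*(critical)?$", "", line)
        if header in HEADERS:
            current = HEADERS[header]
        elif current and line:
            # The comma-separated values sit on the line after the header.
            usages[current] = {v.strip() for v in line.split(",") if v.strip()}
            current = None
    return usages

def removed_usages(original_text, new_text):
    """Map each extension to the values present originally but not in the new cert."""
    old, new = parse_usages(original_text), parse_usages(new_text)
    return {ext: sorted(old[ext] - new[ext]) for ext in old if old[ext] - new[ext]}

if __name__ == "__main__":
    missing = removed_usages(ORIGINAL_TEXT, NEW_TEXT)
    for ext, values in missing.items():
        print(f"{ext}: new certificate is missing {', '.join(values)}")
    print("existing values were removed" if missing else "no existing values removed")
```

An empty result means the new certificate keeps every existing value, so added values alone don't violate the condition.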
You can also import a new certificate into ACM rather than reimport your original certificate. New certificates have a new Amazon Resource Name (ARN). Note the new ARN to associate it with your resources.
Related Information
Services integrated with AWS Certificate Manager