


 Resolution
-----------



CloudFront might still use the previous certificate because the certificate renewal or reimport process is not yet complete. Renewing or reimporting a certificate is an asynchronous process, so several hours can elapse before CloudFront shows changes to the certificate. 


To avoid certificate expiration issues, renew or reimport your certificate at least 24 hours before the **NotAfter** value of your current certificate. If you're within 24 hours of the certificate expiration, request a new certificate from ACM, or [import a new certificate](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-api-cli.html) to ACM. Then, associate the new certificate to the CloudFront distribution.





---




 Related information
--------------------



[Managed renewal for ACM certificates](https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html)


[Reimporting a certificate](https://docs.aws.amazon.com/acm/latest/userguide/import-reimport.html) 


[Check a certificate's renewal status](https://docs.aws.amazon.com/acm/latest/userguide/check-certificate-renewal-status.html)


[Troubleshooting managed certificate renewal](https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-renewal.html)







Thank you for your comment. We'll review and update the Knowledge Center article as needed.

Need more elaborate on term "several hours". If the max waiting time required is 24 hours before seeking help from AWS support, please address it in this doc. Thanks.

I renewed my Amazon-issued SSL certificate on AWS Certificate Manager (ACM). Or, I reimported my SSL certificate to ACM. Why does Amazon CloudFront still show the previous version of the certificate?

Avoid certificate expiration issues with ACM and CloudFront

I renewed my Amazon-issued SSL certificate or reimported my certificate to ACM. Why does CloudFront still show the old certificate?

Resolution

Related information

Relevant content