I renewed my Amazon-issued SSL certificate or reimported my certificate to ACM. Why does CloudFront still show the old certificate?


I renewed my Amazon-issued SSL certificate on AWS Certificate Manager (ACM). Or, I reimported my SSL certificate to ACM. Why does Amazon CloudFront still show the previous version of the certificate?

Resolution

CloudFront might still use the previous certificate because the certificate renewal or reimport process is not yet complete. Renewing or reimporting a certificate is an asynchronous process, so several hours can elapse before CloudFront shows changes to the certificate.

To avoid certificate expiration issues, renew or reimport your certificate at least 24 hours before the NotAfter value of your current certificate. If you're within 24 hours of the certificate expiration, request a new certificate from ACM, or import a new certificate to ACM. Then, associate the new certificate with the CloudFront distribution.
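
One way to tell which of these cases applies, as an added example (not AWS's own code): it compares the serial number the distribution serves with the one ACM reports and applies the 24-hour rule above. The function names, the returned labels, and the use of boto3 with working AWS credentials are assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEWAL_MARGIN = timedelta(hours=24)  # the article's 24-hour guidance


def norm_serial(serial: str) -> str:
    """ACM reports 'aa:bb:..', ssl.getpeercert() reports 'AABB..'; make them comparable."""
    return serial.replace(":", "").upper().lstrip("0")


def served_cert(host: str, port: int = 443) -> tuple[str, datetime]:
    """Serial and NotAfter of the certificate the distribution serves right now."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    expiry = ssl.cert_time_to_seconds(cert["notAfter"])
    return cert["serialNumber"], datetime.fromtimestamp(expiry, timezone.utc)


def acm_serial(arn: str) -> str:
    """Serial of the certificate as ACM currently holds it."""
    import boto3  # assumption: boto3 is installed and credentials are configured
    # Certificates used with CloudFront are held in us-east-1.
    acm = boto3.client("acm", region_name="us-east-1")
    return acm.describe_certificate(CertificateArn=arn)["Certificate"]["Serial"]


def next_step(served_serial: str, served_not_after: datetime,
              acm_serial_value: str, now: datetime) -> str:
    """Map the observed state to the action the article describes (labels are ours)."""
    if served_not_after - now <= RENEWAL_MARGIN:
        # Too close to expiry to wait for an asynchronous update.
        return "request-or-import-new-certificate-and-associate"
    if norm_serial(served_serial) == norm_serial(acm_serial_value):
        return "in-sync"
    # ACM holds a different certificate and the served one is not about to expire.
    return "wait-for-propagation"


if __name__ == "__main__":
    # Constructed sample values; in practice pass served_cert(...) and acm_serial(...).
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    print(next_step("0A1B", now + timedelta(days=3), "0c:2d", now))
```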


Related information

Managed renewal for ACM certificates

Reimporting a certificate

Check a certificate's renewal status

Troubleshooting managed certificate renewal

AWS OFFICIAL
Updated a year ago
2 Comments

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
replied 8 days ago

Need more elaboration on the term "several hours". If the max waiting time required is 24 hours before seeking help from AWS support, please address it in this doc. Thanks.

replied 9 days ago