Why can't I find my imported certificate for my load balancer or CloudFront distribution?


I requested or imported a certificate using AWS Certificate Manager (ACM). I'm configuring a load balancer or Amazon CloudFront distribution, but I can't find the certificate.

Short description

If you don't have a certificate issued for your domain name, you can request a public certificate using ACM. To use a third-party certificate with a load balancer, import the certificate into ACM or upload a certificate to AWS Identity and Access Management (IAM).

Important:

You won't find the imported certificate or ACM certificate if:

  • The certificate imported into ACM is using an algorithm that's not supported by the load balancer or the CloudFront distribution.
  • The ACM certificate wasn't requested in the same AWS Region as your load balancer or CloudFront distribution.

Resolution

The certificate imported into ACM is using an algorithm that's not supported by the load balancer or the CloudFront distribution.

Although ACM allows certificates with a key algorithm of 4096-bit RSA and EC, these certificates can't be associated with all load balancers through integration with ACM. The following imported key algorithms can be used with a Classic Load Balancer and Application Load Balancer:

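Algorithm                | Classic ACM (Preferred) | Application ACM (Preferred) | IAM
-------------------------|-------------------------|-----------------------------|----
1024-bit RSA (RSA_1024)  | Yes                     | Yes                         | Yes
2048-bit RSA (RSA_2048)  | Yes                     | Yes                         | Yes
RSA_4096                 | No                      | Yes                         | Yes
RSA (up to 16384 bits)   | No                      | No                          | Yes
Elliptic Curve (ECDSA)   | No                      | Yes                         | Yes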

Note: Network Load Balancers don't allow certificates with RSA keys larger than 2048-bit or EC keys.

To install an SSL certificate, follow these instructions for your load balancer type:

If the imported certificate isn't supported by ACM, follow the instructions to import an SSL certificate to IAM. Then, associate the imported certificate with the load balancer. For more information, see Uploading a server certificate (AWS API).

For CloudFront distributions, the certificate’s key algorithms must be 1024-bit RSA or 2048-bit RSA. For more information, see Size of the public key.

To install the SSL certificate on a CloudFront distribution, see Using HTTPS with CloudFront.

The ACM certificate wasn't requested in the same AWS Region as your load balancer or CloudFront distribution

ACM certificates must be requested or imported in the same AWS Region as your load balancer.

To use the ACM certificates with Amazon CloudFront, the certificates must be imported or requested in the US East (N. Virginia) Region. For more information, see AWS Region that you request a certificate in (for AWS Certificate Manager).
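
The following added example (not AWS's own code) applies both checks from this article to the JSON returned by `aws acm describe-certificate` and reports why a certificate would not be offered for a given target. The function name `why_hidden`, the target labels, and the sample certificate are constructed for illustration; algorithms the article's table does not rule on are reported as unknown rather than guessed.

```python
import json

# Key algorithms each target accepts through ACM, taken from the table and notes above.
# ACM KeyAlgorithm names for EC keys (EC_prime256v1, ...) are grouped under "EC".
SUPPORTED = {
    "classic":     {"RSA_1024", "RSA_2048"},
    "application": {"RSA_1024", "RSA_2048", "RSA_4096", "EC"},
    "network":     {"RSA_1024", "RSA_2048"},
    "cloudfront":  {"RSA_1024", "RSA_2048"},
}
COVERED = {"RSA_1024", "RSA_2048", "RSA_4096", "EC"}  # algorithms the article rules on
CLOUDFRONT_REGION = "us-east-1"  # US East (N. Virginia)


def why_hidden(describe_output, target, target_region=None):
    """Return the reasons from this article that keep the certificate out of the list."""
    cert = json.loads(describe_output)["Certificate"]
    # ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
    cert_region = cert["CertificateArn"].split(":")[3]
    algo = cert["KeyAlgorithm"]
    family = "EC" if algo.startswith("EC_") else algo
    reasons = []
    if family not in COVERED:
        reasons.append(f"{algo}: not covered by the article's table, check the ACM docs")
    elif family not in SUPPORTED[target]:
        reasons.append(f"{algo} is not supported by {target} through ACM")
    # CloudFront always needs us-east-1; load balancers need their own Region.
    wanted = CLOUDFRONT_REGION if target == "cloudfront" else target_region
    if cert_region != wanted:
        reasons.append(f"certificate is in {cert_region}, {target} needs {wanted}")
    return reasons


# Constructed sample, shaped like `aws acm describe-certificate` output.
SAMPLE = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID",
    "KeyAlgorithm": "RSA_4096",
    "Type": "IMPORTED",
}})

if __name__ == "__main__":
    for tgt, region in [("classic", "eu-west-1"), ("application", "eu-west-1"),
                        ("cloudfront", None)]:
        print(tgt, why_hidden(SAMPLE, tgt, region) or "should be listed")
```

An empty result means neither condition in this article applies; a certificate that fails the algorithm check can still be uploaded to IAM as described above.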


Related information

How can I add certificates for multiple domains to a load balancer using AWS Certificate Manager?

ACM certificate characteristics

AWS OFFICIAL
Updated 2 years ago