Certificate request for CDN

It's finally ok, just needed time of propagation.

When using AWS Certificate Manager (ACM), you don't need to rotate SSL/TLS certificates as ACM manages certificate renewals for you. ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates.

It can take up to several hours for changes to the renewal status to become available. If a problem is encountered, the renewal request times out after 72 hours, and the renewal process must be repeated from the beginning.

A certificate is eligible for automatic renewal subject to the following considerations:

• ELIGIBLE if associated with another AWS service, such as Elastic Load Balancing or CloudFront.
• ELIGIBLE if exported since being issued or last renewed.
• ELIGIBLE if it is a private certificate issued by calling the ACM RequestCertificate API and then exported or associated with another AWS service.
• ELIGIBLE if it is a private certificate issued through the management console and then exported or associated with another AWS service.
• NOT ELIGIBLE if it is a private certificate issued by calling the AWS Private CA IssueCertificate API.
• NOT ELIGIBLE if imported.
• NOT ELIGIBLE if already expired.

Note - To use an ACM certificate with CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). If you want to require HTTPS between CloudFront and your origin, and you’re using a load balancer in Elastic Load Balancing as your origin, you can request or import the certificate in any AWS Region.

For more information refer - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html