- Newest
- Most votes
- Most comments
I realize this is an old question, but since there is no solution, I'll add this just in case someone else has the same problem and finds this post.
So I was also receiving "Your certificate is renewed" e-mail and could not figure out where this e-mail was coming from. No Eventbridge or SNS configuration, DNS verified certificates, so these were not the source. I finally figured out the source after changing one of our account settings. It turned out to be the "Operations contact" e-mail address configured in the "Alternate contacts" on the AWS account settings (https://console.aws.amazon.com/billing/home?#/account).
Hi Tedi, I understand you want to change your email where you receive your certificate notifications. You can subscribe an email address to an Amazon SNS topic to receive notifications, guided steps are provided in the documentation [1]. Use your registrar's website to associate your contact addresses with your domain name. You can configure your email address for ACM with the provided documentation [1]. In addition I provided an email validation document with all details on when notifications are sent out prior to certificate expiring [2].
[1] https://docs.aws.amazon.com/sns/latest/dg/sns-email-notifications.html
[2] https://docs.amazonaws.cn/en_us/acm/latest/userguide/setup-email.html
[3] https://docs.amazonaws.cn/en_us/acm/latest/userguide/email-validation.html
Thanks for your answer @Lwazi.
The problem is that we are currently receiving certificate renewal notices into an e-mail address, and we want to change these to be sent to a different e-mail.
The certificate was created in ACS using DNS validation (not e-mail validation), and the whois information have different e-mail details for all contacts, and not the address where the notifications are being received.
Am also looking the solution for the same issue but we are using email validation and want to see which emails are configured in WHOIS. Our certificate is already expires so please any anyone reply ASAP
For domains validated by DNS, ACM utilizes Amazon Cloudwatch and Amazon Eventbridge for events and metrics.
Amazon Cloudwatch metrics and Amazon Eventbridge events are enabled for all certificates managed by ACM. As such, an Eventbridge expiry event is published for certificates at least 45 days from expiry.
Eventbridge: https://docs.aws.amazon.com/acm/latest/userguide/supported-events.html
ACM will publish metrics to Cloudwatch for all certificates in the account.
https://docs.aws.amazon.com/acm/latest/userguide/cloudwatch-metrics.html
ACM is also integrated with AWS CloudTrail, which records events and actions taken by user, roles or an AWS service.
https://docs.aws.amazon.com/acm/latest/userguide/cloudtrail.html
The AWS Health Dashboard also allows you to check the renewal status of certificates.
https://docs.aws.amazon.com/acm/latest/userguide/check-certificate-renewal-status.html
I would start by checking the services mentioned above to see if the email recipient is setup or configured for alerts.
AWS ACM Monitoring/Logging : https://docs.aws.amazon.com/acm/latest/userguide/monitoring-and-logging.html
Relevant content
- asked a year ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Yeah, I recently found it too by coincidence. Not really trivial!