Requested New Cert after Original Certificate Expired, but what's next?


I currently use Route53 to manage my records and have a hosted zone here. I stupidly did not validate and renew my expiring certificate, and now it has expired.

I could not see any expired certificate in my AWS ACM, so I requested a new public certificate for my domain name and have managed to get it validated via email. This new cert now shows up in my ACM as "Issued" but "Not in Use". I note that the new cert has a different ID, so I'm guessing I should update the ID somewhere.

But I'm very lost as to what to do from here on. I'm using Route53 - should I be updating anything there with the new certificate details/ID? If not, where should I be making this update?

Thank you!

2 Answers

Thank you for your answer! I did the following steps:

  1. CloudFront - Distributions - Edit settings - Changed my cert to the new ACM cert issued

  2. I don't have an existing load balancer in EC2, so I went to CloudFront, went to the distribution I wanted and edited the origin to "HTTPS only"

  3. But since that didn't work, I also went on to create an Application Load Balancer and set up an HTTPS listener, choosing a new cert.

It seems like I now have 2 different certs in ACM for the same domain - one is a North Virginia one associated with Cloudflare and another is an Asia Pacific one associated with ALB.

Now, when I get to my website via redirect links (e.g. clickthrough from social media, from SEO links etc.), it loads as a secured HTTPS site. However, if I type the website URL directly into the browser, it still shows not secure and displays a "NET::ERR_CERT_COMMON_NAME_INVALID" error message.

Would you be able to help me figure out what to fix?

Thanks!

answered a year ago
  • On the Cloudflare side, do you have a valid certificate in SSL/TLS > Edge Certificates?


Hi there! It happens to the best of us. If I am understanding correctly, you want to update the SSL certificate for your website with a domain hosted on Route 53. Try these steps and see if they work to solve your problem :)

  1. First, you need to ensure that your new certificate is linked to an AWS service, such as CloudFront or Elastic Load Balancing. This will enable AWS Certificate Manager (ACM) to renew the certificate automatically in most situations.

  2. Second, you need to change the HTTPS listener for your CloudFront distribution or Application Load Balancer (ALB) to use the new certificate. You can do this by modifying the listener settings in the CloudFront console or the Amazon EC2 console and choosing the new certificate from ACM.

  3. Third, you need to confirm that your new certificate is functioning correctly by accessing your website over HTTPS and looking at the browser’s security indicator. You should see a message that says “Connection is secure” or a green lock icon.

If you complete these steps, you should be able to update your SSL certificate for your domain name hosted on Route 53.

If this helps, it would be much appreciated if you accepted my answer. If you have any questions too, please let me know and I will try my best to answer! :)

AWS
answered a year ago
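
The check in step 3 of this answer can also be scripted: a browser reports NET::ERR_CERT_COMMON_NAME_INVALID when the hostname in the address bar is not covered by any name on the certificate it is served. The following is an added example, not part of the answer above; `example.com` and the SAN lists are constructed placeholders, and the function names are hypothetical.

```python
import socket
import ssl


def san_matches(hostname: str, pattern: str) -> bool:
    """Match one hostname against one certificate DNS name (RFC 6125 style)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # so "*.example.com" never covers the apex "example.com"
    if pat[0] == "*":
        # A wildcard stands for exactly one leftmost label.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def names_not_covered(hostnames, sans):
    """Return the hostnames that no SAN entry on the certificate covers."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]


def fetch_sans(host: str, port: int = 443, timeout: float = 5.0):
    """Read the DNS SANs from the certificate a live endpoint presents.

    The chain is still validated; only the hostname check is switched off,
    so a certificate issued for a different name can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed sample: the names visitors use, and two possible SAN lists.
    visited = ["example.com", "www.example.com"]
    print(names_not_covered(visited, ["www.example.com"]))               # apex missing
    print(names_not_covered(visited, ["example.com", "*.example.com"]))  # both covered
    # Against a real site: names_not_covered(visited, fetch_sans("www.example.com"))
```

Run it for every hostname that resolves to the distribution or load balancer; any name returned needs to be added to the certificate request.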
