ACM Certificate Request Limit

0

I see on the ACM Quota docs that you can request 5000 certificates as long as you have deleted 2500. a few questions:

  1. Is 5000 a hard cap if your account quota is 2500? As in, once you've requested 5000 does it not matter how many certs you delete, you can't request any more until the limit is refreshed?
  2. Is the limit refreshed every day ?
2 Answers
2
Accepted Answer

Is 5000 a hard cap if your account quota is 2500?

Correct, if your account quota is 2500, then 5000 is a hard cap. The number of Certificates that you can request in a year is "Twice your account quota" for the "Number of certificates" limit [1]. The default for an account is "2500", which would therefore allow you to request "5000" Certificates in 365 days.

As in, once you've requested 5000 does it not matter how many certs you delete, you can't request any more until the limit is refreshed?

Yes, before you request a new certificate, the system checks the following two limits:

  1. Whether the number of certificates under your account exceeds 2500.
  2. Whether you have requested more than 5000 certificates in the past 365 days.

Is the limit refreshed every day ?

In principle, the ACM team conducts asynchronous statistics. If you have concerns about the limit, it is recommended to directly contact the customer service team to request for a limit increase.

[1] https://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html#general-limits

profile picture
answered 16 days ago
profile picture
EXPERT
reviewed 16 days ago
profile pictureAWS
EXPERT
kentrad
reviewed 16 days ago
  • Thank you!

0

Hi,

Just wanted to add to above answer if it helps, that if you need your per year (last 365 days) quota to be more than the default 5000, you can request an ACM certificates limit increase as mentioned in ACM Quotas page - https://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html

specifically

If you need more than 2,500 certificates at any given time, you must contact the AWS Support Center

If this quota increase gets approved and granted to say 2600, your per year (last 365 days) quota will also correspondingly increase to 5200 since it is twice your account quota. This will allow you to create more even if your current certificates are less than 2500 ( but in the past 365 days you have created and deleted 5000 already )

Thanks.

profile pictureAWS
MODERATOR
AWS-SUM
answered 13 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions