Unable to attach custom (Cloudflare) ssl certificate - "not issued by a trusted Certificate Authority"

1

I'm attempting to attach a Cloudflare origin server ssl certificate with a Cloudfront distribution. I've tried importing (and re-importing) the certificate body, private key and certificate chain into us-east1 and ACM seems to recognize it: ACM message

It is also appearing in the custom ssl certificate dropdown when editing the distribution settings. But I can't seem to save the distribution - getting "The certificate that is attached to your distribution was not issued by a trusted Certificate Authority." Would love any suggestions on something else I could try.

tomeast
asked 1 year ago · 2704 views
5 Answers
1

Suppose you are using Cloudflare and have created an ACM (AWS Certificate Manager) certificate via an import request. In that case, it may not attach to CloudFront, as it will not be issued by a trusted Certificate Authority.

To resolve this issue, you must own the domain and request a public certificate, which you can do from the ACM dashboard. Then, add the CNAME name and CNAME value to your domain records.

If you own the domain inside Cloudflare, add the CNAME name and CNAME value records inside your domain name records. Wait 1-2 minutes for the ownership to be verified. Once your records are verified, ACM will issue the certificate, which you can use with CloudFront.

ACM Cert Request CF Record Creation

answered 4 months ago
0

Hi tomeast,

The error "The certificate that is attached to your distribution was not issued by a trusted Certificate Authority." has the following definition: Indicates that the certificate wasn't issued by a trusted certificate authority (CA). Issue a certificate from a trusted CA for CloudFront to allow you to use an alternate domain name (CNAME). If your current CA doesn't support this, you can use ACM to issue a free valid certificate. Note: Self-signed certificates aren't supported.

That said, I would double-check that you are importing a correctly generated certificate from an authorized CA.

If you have double-checked everything and it's all right, open a support ticket, as it would seem a bug or something else is amiss.

AWS
answered 1 year ago
0

I got the same error message, and the problem was that I was missing the intermediate certificate from the certificate chain of the imported certificate.

JuusoK
answered 1 year ago
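
The two failure modes raised in the answers above (an omitted intermediate, and an issuer that is not in the trust store) can be checked locally before importing a bundle. This is an added example, not code from any poster or from AWS. It assumes the `openssl` CLI is installed; every certificate, subject name and file name is constructed, and `root.pem` stands in for the set of publicly trusted roots.

```bash
#!/bin/sh
# Added example; every certificate below is constructed test data.

# chain_ok ROOTS LEAF [CHAIN]: succeed only if LEAF builds a path to a root
# in ROOTS, helped by the intermediates in CHAIN (the imported "chain").
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

# make_constructed_pki DIR: root -> intermediate -> leaf, plus a leaf issued
# by a private root that is absent from ROOTS.
make_constructed_pki() {
  dir=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$dir/cfg"
  _req()  { openssl req -newkey rsa:2048 -nodes -config "$dir/cfg" "$@" 2>/dev/null; }
  _sign() { openssl x509 -req -days 2 -set_serial 1 "$@" 2>/dev/null; }
  _req -x509 -days 2 -extensions v3_ca -subj "/CN=Constructed Root" \
       -keyout "$dir/root.key" -out "$dir/root.pem"
  _req -x509 -days 2 -extensions v3_ca -subj "/CN=Constructed Private Root" \
       -keyout "$dir/priv.key" -out "$dir/priv.pem"
  _req -subj "/CN=Constructed Intermediate" -keyout "$dir/int.key" -out "$dir/int.csr"
  _sign -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -extfile "$dir/cfg" -extensions v3_ca -out "$dir/int.pem"
  _req -subj "/CN=www.example.test" -keyout "$dir/leaf.key" -out "$dir/leaf.csr"
  _sign -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" -out "$dir/leaf.pem"
  _req -subj "/CN=origin.example.test" -keyout "$dir/origin.key" -out "$dir/origin.csr"
  _sign -in "$dir/origin.csr" -CA "$dir/priv.pem" -CAkey "$dir/priv.key" -out "$dir/origin.pem"
}

# report LABEL ROOTS LEAF [CHAIN]: print the verdict for one bundle.
report() {
  if chain_ok "$2" "$3" "${4:-}"; then echo "$1: chains to a trusted root"
  else echo "$1: no path to a trusted root"; fi
}

d=$(mktemp -d)
make_constructed_pki "$d"
report "leaf, chain omitted"        "$d/root.pem" "$d/leaf.pem"
report "leaf + intermediate"        "$d/root.pem" "$d/leaf.pem" "$d/int.pem"
report "private-CA leaf + its root" "$d/root.pem" "$d/origin.pem" "$d/priv.pem"
rm -rf "$d"
```

Only the second bundle verifies: supplying the private root as part of the chain does not help, because a chain is accepted only when it ends at a root already in the trust store.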
0

@tomeast hello, did you solve this?

answered 1 year ago
0

Hello, any update on solving this? I got the same error when I needed to add a CNAME on my CloudFront distribution.

answered 6 months ago
