Could you help to delete one expired certificate due to associated resources?

0

I tried to delete a useless expired certificate, but it reported associated resources. The command was:

    aws acm delete-certificate --certificate-arn arn:aws:acm:us-east-1:318935743692:certificate/4f6925a5-eb02-41e5-ac61-0c01e05cd479 --region us-east-1

but I got the error:

    An error occurred (ResourceInUseException) when calling the DeleteCertificate operation: Certificate arn:aws:acm:us-east-1:318935743692:certificate/4f6925a5-eb02-41e5-ac61-0c01e05cd479 in account 318935743692 is in use.

Trying from the AWS GUI, I got:

    Certificate is in use
    The certificate (4f6925a5-eb02-41e5-ac61-0c01e05cd479) is in use (associated with other AWS resources) and cannot be deleted. Dissociate the certificate from each resource in the list and try again.
    Associated resources
    arn:aws:elasticloadbalancing:us-east-1:318935743692:loadbalancer/app/a206097-indexloader-cc-public/d10b2cfb8edb4718

In fact, I cannot find this certificate in the mentioned load balancer.

Could you help to delete this expired certificate "arn:aws:acm:us-east-1:318935743692:certificate/4f6925a5-eb02-41e5-ac61-0c01e05cd479"?

asked 12 days ago, 34 views
1 Answer
0
Accepted Answer

I understand you're having difficulty deleting an expired certificate due to associated resources. Unfortunately, I cannot directly delete the certificate for you, but I can provide guidance on how to address this issue.

The error messages you're receiving indicate that the certificate is still associated with an AWS resource, specifically an Application Load Balancer. Even though you can't find this association in the load balancer settings, it appears that there's a lingering connection preventing the deletion.

Here are some steps you can try:

  1. Double-check all possible places where the certificate might be used, including API Gateway custom domain names, Load Balancer listeners, CloudFront distributions, and Cognito User Pools.

  2. If you've already checked these and found no associations, the issue might be with AWS-managed resources created behind the scenes.

  3. Try using the AWS CLI command again, as sometimes it can work when the console fails.

If these steps don't resolve the issue, you'll need to contact AWS Support. They have the ability to see and remove associations that aren't visible to customers. To do this:

  1. Open a support case under "Account and billing" in your AWS account.
  2. Explain that you have an expired certificate that you can't delete due to invisible resource associations.
  3. Provide the ARN of the certificate you're trying to delete.
  4. Request that they remove the associations so you can delete the certificate.

While waiting for support to resolve the issue, keep in mind that ACM certificates are free, so there's no financial impact to having the expired certificate remain in your account temporarily.

For future reference, it's best to remove all associations with a certificate before it expires or before you try to delete it to avoid this situation.
Sources
Cannot delete ACM certificate due to associated resources | AWS re:Post
Delete certificates managed by AWS Certificate Manager - AWS Certificate Manager
DeleteCertificate - AWS Certificate Manager
Cannot delete certificate | AWS re:Post

answered 12 days ago
EXPERT
reviewed 11 days ago
  • I very much appreciate these detailed steps! I searched all resources but it is hard to find a clue. I will follow up and raise a support case.
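
One way to script the "double-check" step from the answer above for load balancers, as an added example that is not part of the original question or answer: it reads the certificate's `InUseBy` list from ACM, then checks every listener on each reported load balancer for the certificate, whether it is the default certificate or an additional one. The function names are hypothetical; the script assumes the AWS CLI is configured with read access to ACM and ELBv2.

```shell
#!/usr/bin/env bash
# Added example. Usage: ./find-cert-usage.sh <certificate-arn> <region>

# Resources that ACM itself records as using the certificate
# (the same data as the console's "Associated resources" list).
acm_in_use_by() {
  aws acm describe-certificate --certificate-arn "$1" --region "$2" \
    --query 'Certificate.InUseBy[]' --output text | tr '\t' '\n'
}

# Listeners on one load balancer that carry the certificate, either as the
# default certificate or as an additional (SNI) certificate.
# Prints one line per match: <listener-arn> default=<True|False>
listeners_with_cert() {
  local cert="$1" region="$2" lb="$3" listener is_default
  for listener in $(aws elbv2 describe-listeners --load-balancer-arn "$lb" \
      --region "$region" --query 'Listeners[].ListenerArn' --output text); do
    is_default=$(aws elbv2 describe-listener-certificates \
      --listener-arn "$listener" --region "$region" \
      --query "Certificates[?CertificateArn=='${cert}'].IsDefault" \
      --output text)
    [ -n "$is_default" ] && echo "$listener default=$is_default"
  done
  return 0
}

# Walk every resource ACM reports and drill into load balancers.
find_cert_usage() {
  local cert="$1" region="$2" resource
  acm_in_use_by "$cert" "$region" | while read -r resource; do
    case "$resource" in
      *:elasticloadbalancing:*:loadbalancer/*)
        echo "load balancer: $resource"
        listeners_with_cert "$cert" "$region" "$resource" </dev/null \
          | sed 's/^/  listener: /'
        ;;
      ""|None) ;;   # nothing reported by ACM
      *) echo "other resource: $resource" ;;
    esac
  done
}

if [ "$#" -eq 2 ]; then find_cert_usage "$1" "$2"; fi
```

A listener reported with `default=False` holds the certificate as an additional certificate, which `aws elbv2 remove-listener-certificates` detaches; a default certificate has to be replaced on the listener instead.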
