Unable to Renew SSL/TLS Certificate in ACM Console

0

I'm experiencing an issue with renewing my SSL/TLS certificate in the AWS Certificate Manager (ACM) console. The certificate is set to expire on January 8, 2025, and I'm unable to find the renewal or edit option in the console.

My setup includes:

  • AWS CloudFront distribution
  • GoDaddy for DNS

I've received an email from AWS stating that the automatic renewal failed due to DNS validation issues. However, I'm unsure how to proceed with renewing the certificate manually. Can someone please assist me with the steps to renew my SSL/TLS certificate in ACM or provide guidance on how to resolve the DNS validation issues?

1 Answer
0

Based on the information you've provided, it appears that you're facing an issue with the automatic renewal of your AWS Certificate Manager (ACM) certificate due to DNS validation problems. Here's how you can address this situation:

  1. First, it's important to note that ACM attempts to renew certificates automatically, but this process can fail if there are issues with DNS validation.

  2. Since you received an email stating that the automatic renewal failed due to DNS validation issues, it's likely that there are missing or inaccurate CNAME records in your DNS configuration.

  3. To resolve this, you should check and update the CNAME records for your domains. Here's how:

    a. Log in to the ACM console and select your certificate.
    b. Expand the certificate details to find the CNAME information for each domain.
    c. Compare these CNAME records with what's currently in your GoDaddy DNS configuration.
    d. If there are discrepancies, update the CNAME records in your GoDaddy DNS settings to match those provided by ACM.

  4. After updating the DNS records, allow some time for the changes to propagate. DNS changes can take up to 48 hours to fully propagate, although they often take effect much sooner.

  5. Once you've updated the DNS records, ACM should attempt to validate and renew the certificate automatically. This is an asynchronous process, so it may take several hours for the changes to reflect in the ACM console.

  6. If the problem persists after updating your DNS records and waiting for propagation, you may need to contact AWS Support for further assistance.

Remember, for DNS-validated certificates, you don't need to manually renew them in the console. As long as the correct CNAME records are in place, ACM should handle the renewal process automatically.

If you continue to experience issues, consider reaching out to AWS Support or posting in the ACM Discussion Forum for more specific guidance tailored to your situation.

Sources
Troubleshoot managed certificate renewal - AWS Certificate Manager
Troubleshoot certificate validation - AWS Certificate Manager
Troubleshoot issues with AWS Certificate Manager - AWS Certificate Manager

answered 10 months ago
EXPERT
reviewed 10 months ago
AWS
EXPERT
reviewed 10 months ago
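
The comparison in steps 3a to 3d of the answer above can be scripted. The following is an added example, not part of the original answer and not AWS code: it takes the validation CNAMEs from `aws acm describe-certificate` output and classifies each against the records actually published in the zone. The certificate JSON, record tokens and observed answers are constructed sample data, and the `zone-appended` case assumes a DNS provider form that appends the zone name to whatever is typed in the host field.

```python
import json

# Constructed sample, shaped like `aws acm describe-certificate` output (trimmed).
CERT = json.loads("""
{"Certificate": {"DomainValidationOptions": [
  {"DomainName": "example.com", "ValidationMethod": "DNS",
   "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                      "Value": "_bbb222.acm-validations.aws."}},
  {"DomainName": "*.example.com", "ValidationMethod": "DNS",
   "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                      "Value": "_bbb222.acm-validations.aws."}},
  {"DomainName": "www.example.com", "ValidationMethod": "DNS",
   "ResourceRecord": {"Name": "_ccc333.www.example.com.", "Type": "CNAME",
                      "Value": "_ddd444.acm-validations.aws."}},
  {"DomainName": "api.example.com", "ValidationMethod": "DNS",
   "ResourceRecord": {"Name": "_eee555.api.example.com.", "Type": "CNAME",
                      "Value": "_fff666.acm-validations.aws."}}
]}}
""")

# Constructed: CNAME answers found in the zone, e.g. gathered with `dig +short CNAME <name>`.
OBSERVED = {
    "_AAA111.example.com": "_bbb222.acm-validations.aws.",
    "_ccc333.www.example.com.example.com.": "_ddd444.acm-validations.aws.",
    "_eee555.api.example.com.": "_stale999.acm-validations.aws.",
}

def norm(name):
    """DNS names compare case-insensitively and ignore the trailing root dot."""
    return name.strip().rstrip(".").lower()

def expected_records(cert):
    """Map each distinct validation CNAME name to the target ACM expects."""
    records = {}
    for opt in cert["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")  # absent for email-validated domains
        if rr and rr["Type"] == "CNAME":
            records[norm(rr["Name"])] = norm(rr["Value"])
    return records

def check_validation(cert, observed, zone):
    """Classify each expected record: ok / wrong-value / zone-appended / missing."""
    seen = {norm(k): norm(v) for k, v in observed.items()}
    report = {}
    for name, target in expected_records(cert).items():
        if seen.get(name) == target:
            report[name] = "ok"
        elif name in seen:
            report[name] = "wrong-value"
        elif f"{name}.{norm(zone)}" in seen:
            report[name] = "zone-appended"  # full name entered where the zone is added again
        else:
            report[name] = "missing"
    return report
```

Calling `check_validation(CERT, OBSERVED, "example.com")` returns one status per distinct record; anything other than `ok` is a record to correct in the DNS provider before ACM can complete the managed renewal.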
