Certificate request for CDN

0

Hello,

I have been using CloudFront for one year. I recently received an email telling me to renew the SSL certificate for my CDN domain.
Despite the email, my certificate's status has always been OK on AWS.

Now my CDN is not working anymore, so I have added a CNAME listed in my AWS Certificate Manager. It's not working and I don't know how to check it. I have not changed anything since last year and have not done that before.
Could you help me understand what I should do?

Thanks a lot for helping

asked 3 years ago, 175 views
2 Answers
0

It's finally OK; it just needed time to propagate.

answered 3 years ago
0

When using AWS Certificate Manager (ACM), you don't need to rotate SSL/TLS certificates as ACM manages certificate renewals for you. ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates.

It can take up to several hours for changes to the renewal status to become available. If a problem is encountered, the renewal request times out after 72 hours, and the renewal process must be repeated from the beginning.

A certificate is eligible for automatic renewal subject to the following considerations:

  • ELIGIBLE if associated with another AWS service, such as Elastic Load Balancing or CloudFront.
  • ELIGIBLE if exported since being issued or last renewed.
  • ELIGIBLE if it is a private certificate issued by calling the ACM RequestCertificate API and then exported or associated with another AWS service.
  • ELIGIBLE if it is a private certificate issued through the management console and then exported or associated with another AWS service.
  • NOT ELIGIBLE if it is a private certificate issued by calling the AWS Private CA IssueCertificate API.
  • NOT ELIGIBLE if imported.
  • NOT ELIGIBLE if already expired.

Note - To use an ACM certificate with CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). If you want to require HTTPS between CloudFront and your origin, and you’re using a load balancer in Elastic Load Balancing as your origin, you can request or import the certificate in any AWS Region.

For more information, refer to https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html

AWS
answered 9 months ago
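
An added example (not part of either answer and not AWS code): a Python check over the JSON that `aws acm describe-certificate` returns, applying the renewal considerations and the us-east-1 note from the answer above. The sample document, its domain, account ID and record values are constructed, and `renewal_findings` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output;
# the domain, account ID and record values are placeholders.
SAMPLE = json.loads("""
{"Certificate": {
  "CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID",
  "DomainName": "cdn.example.com",
  "Type": "AMAZON_ISSUED",
  "Status": "ISSUED",
  "RenewalEligibility": "ELIGIBLE",
  "InUseBy": ["arn:aws:elasticloadbalancing:eu-west-1:111122223333:loadbalancer/app/EXAMPLE"],
  "RenewalSummary": {"RenewalStatus": "PENDING_VALIDATION"},
  "DomainValidationOptions": [{
    "DomainName": "cdn.example.com",
    "ValidationMethod": "DNS",
    "ValidationStatus": "PENDING_VALIDATION",
    "ResourceRecord": {"Name": "_abc.cdn.example.com.", "Type": "CNAME",
                       "Value": "_xyz.acm-validations.aws."}}]
}}
""")

def renewal_findings(doc, for_cloudfront=True):
    """List what blocks managed renewal or CloudFront use of the certificate."""
    cert = doc["Certificate"]
    findings = []
    region = cert["CertificateArn"].split(":")[3]  # arn:aws:acm:<region>:...
    if for_cloudfront and region != "us-east-1":
        findings.append(f"region {region}: CloudFront needs the certificate in us-east-1")
    if cert.get("Type") == "IMPORTED":
        findings.append("imported certificate: not eligible for managed renewal")
    if cert.get("Status") == "EXPIRED":
        findings.append("already expired: not eligible for managed renewal")
    if cert.get("RenewalEligibility") != "ELIGIBLE":
        findings.append("RenewalEligibility is not ELIGIBLE")
    status = cert.get("RenewalSummary", {}).get("RenewalStatus")
    if status in ("PENDING_VALIDATION", "FAILED"):
        findings.append(f"renewal status is {status}")
    # Any domain not yet validated: show the DNS record ACM expects to find.
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationStatus") == "SUCCESS":
            continue
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") == "DNS" and rr:
            findings.append(f"{opt['DomainName']}: publish {rr['Type']} "
                            f"{rr['Name']} -> {rr['Value']}")
        else:
            findings.append(f"{opt['DomainName']}: validation not complete")
    return findings

if __name__ == "__main__":
    for line in renewal_findings(SAMPLE):
        print("-", line)
```

To run it against a real certificate, replace `SAMPLE` with the parsed output of `aws acm describe-certificate --region us-east-1 --certificate-arn <your-arn>`.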
