Amazon Certificate Manager (ACM) certificate re-import
Can you replace an existing certificate in ACM with the same hostname (or wildcard) certificate with a different expiration date? Would this allow you to renew an existing certificate and not have to go update all endpoints with that cert?
For instance, customer has *.customer.cloud cert expiring in March 2019. If they obtain another *.customer.cloud cert expiring in March 2021, can they use the re-import option in ACM and replace the 2019 cert prior to its expiration with the 2021 cert? Would the 2021 cert then be pushed out to all ELBs where the 2019 cert existed?
My intuition is telling me that the new cert has a new public key, so it will not be able to re-imported over the existing 2019 cert. The customer will have to Import the 2021 cert as a new cert and then manually change their AWS Elastic Loadbalancer (ELBs) to use the new cert. Is that correct?
- Newest
- Most votes
- Most comments
Yes you can replace an existing certificate in AWS Certificate Manager(ACM) with the same hostname (or wildcard) certificate with a different expiration date.
You can create several certificates for the same domain in the same AWS account or in different AWS accounts. ACM will provide them without any other check that DNS/Email validation.
No Since you are not relying on managed renewal that ACM provides but creating a new one (with a new Amazon Resource Name (ARN)). You have to go and update all endpoints to use that new certificate.
https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
Relevant content
- asked 4 years ago
- Accepted Answerasked 3 months ago
- Accepted Answerasked 10 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
