By using AWS re:Post, you agree to the Terms of Use

Amazon Certificate Manager (ACM) certificate re-import


Can you replace an existing certificate in ACM with the same hostname (or wildcard) certificate with a different expiration date? Would this allow you to renew an existing certificate and not have to go update all endpoints with that cert?

For instance, customer has * cert expiring in March 2019. If they obtain another * cert expiring in March 2021, can they use the re-import option in ACM and replace the 2019 cert prior to its expiration with the 2021 cert? Would the 2021 cert then be pushed out to all ELBs where the 2019 cert existed?

My intuition is telling me that the new cert has a new public key, so it will not be able to re-imported over the existing 2019 cert. The customer will have to Import the 2021 cert as a new cert and then manually change their AWS Elastic Loadbalancer (ELBs) to use the new cert. Is that correct?

1 Answer
Accepted Answer

Yes you can replace an existing certificate in AWS Certificate Manager(ACM) with the same hostname (or wildcard) certificate with a different expiration date.

You can create several certificates for the same domain in the same AWS account or in different AWS accounts. ACM will provide them without any other check that DNS/Email validation.

No Since you are not relying on managed renewal that ACM provides but creating a new one (with a new Amazon Resource Name (ARN)). You have to go and update all endpoints to use that new certificate.

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions