AWS certificate manager certificate renewal

Question

The certificate renewal process was unsuccessful due to Cloudflare configuration for our domain(Cloudflare just blocked Let's Encrypt validation requests). Approximately 7 hours ago we updated the Cloudflare configuration and it shouldn't block Let's Encrypt anymore, but we still didn't receive any requests from them, and our SSL certificate is still pending validation. Unfortunately for us, this certificate expires today, and we don't have a lot of time for that. I've tried requesting a new one, but it was also unsuccessful(certificate validation failed), and importing the Cloudflare origin certificate also was unsuccessful(import failed). I can't find any logs to debug that, and can't force Cert Manager to try to validate us one more time. Please help us.

Answer

1.To renew an imported certificate, you can obtain a new certificate from your certificate issuer and then manually re-import it into ACM. This action preserves the certificate's association and its Amazon Resource name (ARN). Alternatively, you can import a completely new certificate. Multiple certificates with the same domain name can be imported, but they must be imported one at a time

2. You can use an imported certificate with any AWS service that is integrated with ACM. The certificates that you import work the same as those provided by ACM, with one important exception: ACM does not provide managed renewal for imported certificates.
     
    3. Make sure you configured your 3rd party (CloudFlare) settings appropriately. 
     
    Reference links:
    https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
    https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html
    https://aws.amazon.com/premiumsupport/knowledge-center/certificate-fails-to-auto-renew/

AWS certificate manager certificate renewal

Relevant content