
Cannot delete ACM certificate due to associated resources

0

I have an expired certificate and cannot delete it because it has 5 associated resources that I cannot find anywhere in my account (and I don't think they exist). I read a lot about how to unlink these resources, and finally I deleted all resources where this certificate can be used: custom domain names in API Gateway and the HTTPS listener in the load balancer. I read a few similar questions, and the answer is to ask AWS Support to delete it.
https://repost.aws/questions/QU63csgGNEQl2M--xCdy-oxw/can-t-delete-certificate-because-there-are-dangling-load-balancer-resources#ANsW52naZhRIiXnrjZBbJtOQ
AWS Support, please delete my expired certificate.

asked a year ago
564 views
2 Answers
1

Hello.

I had a similar problem in the past and was able to resolve it by contacting AWS support.
https://repost.aws/ja/questions/QUD6O2O6z2QjelpBx6bcnBaA/cannot-delete-acm-certificate-due-to-uncontrollable-resource-associations

You cannot contact AWS Support via AWS re:Post, so please sign in to your AWS account and contact us via the following URL.
"Account and billing" inquiries are free of charge.
https://console.aws.amazon.com/support

EXPERT
answered a year ago
EXPERT
reviewed a year ago
0

I apologize, but I'm not AWS support and cannot directly delete your expired certificate. However, I can provide some information about the issue you're experiencing and suggest some steps you might take.

The problem you're describing is a known issue with ACM (AWS Certificate Manager) certificates. Even after you've removed all visible associations, sometimes there can be lingering connections that prevent deletion. This often happens with AWS-managed resources that were created behind the scenes, such as CloudFront distributions associated with Cognito User Pools or other services.

Here are some steps you can try:

  1. Double-check all possible places where the certificate might be used, including API Gateway custom domain names, Load Balancer listeners, CloudFront distributions, and Cognito User Pools.

  2. Try deleting the certificate using the AWS CLI. Sometimes this can work when the console fails.

  3. If the above steps don't work, you will indeed need to contact AWS Support. They have the ability to see and remove associations that aren't visible to customers.

To contact AWS Support:

  1. Open a case under "Account and billing"
  2. Explain that you have an expired certificate that you can't delete due to invisible resource associations
  3. Provide the ARN of the certificate you're trying to delete
  4. Request that they remove the associations so you can delete the certificate

While waiting for support to resolve the issue, keep in mind that ACM certificates are free, so there's no financial impact to having the expired certificate remain in your account temporarily.

In the future, to avoid this situation, make sure to remove all associations with a certificate before it expires or before you try to delete it.
Sources
Cannot delete certificate | AWS re:Post
AWS ACM Certificate delete issue | AWS re:Post
DeleteCertificate - AWS Certificate Manager
Delete certificates managed by AWS Certificate Manager - AWS Certificate Manager
Delete ACM Cert in Use By CloudFront Distribution after Deleting User Pool | AWS re:Post

answered a year ago
EXPERT
reviewed a year ago
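
The triage step both answers lead up to, as an added example that is not part of the original thread or of any AWS tooling: it reads the JSON printed by `aws acm describe-certificate --certificate-arn <ARN>` and splits the `InUseBy` ARNs by owning account. The sample data and all IDs are constructed, and treating an ARN in another account as one the customer cannot reach is this example's assumption.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output.
# Account IDs, resource names and the certificate ID are placeholders.
SAMPLE = json.dumps({
    "Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE-CERT-ID",
        "Status": "EXPIRED",
        "InUseBy": [
            "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/my-alb/EXAMPLE1",
            "arn:aws:elasticloadbalancing:us-east-1:999999999999:loadbalancer/app/managed/EXAMPLE2",
            "arn:aws:cloudfront::999999999999:distribution/EXAMPLE3",
        ],
    }
})


def parse_arn(arn):
    """Split an ARN into its six colon-separated fields."""
    parts = arn.split(":", 5)  # the resource part may itself contain ':'
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    keys = ("prefix", "partition", "service", "region", "account", "resource")
    return dict(zip(keys, parts))


def triage_in_use_by(describe_output):
    """Sort InUseBy ARNs into two buckets:
    own_account   - same account as the certificate; look for these and detach them
    other_account - a different account (assumed unreachable); list them in the support case
    """
    cert = json.loads(describe_output)["Certificate"]
    owner = parse_arn(cert["CertificateArn"])["account"]
    report = {"certificate": cert["CertificateArn"],
              "own_account": [], "other_account": []}
    for arn in cert.get("InUseBy", []):  # key may be absent when nothing uses the cert
        fields = parse_arn(arn)
        bucket = "own_account" if fields["account"] == owner else "other_account"
        report[bucket].append({"service": fields["service"], "arn": arn})
    return report


if __name__ == "__main__":
    print(json.dumps(triage_in_use_by(SAMPLE), indent=2))
```

An empty `own_account` list with entries left in `other_account` matches the situation in the question; those ARNs, together with the certificate ARN, are what to paste into the support case.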
