Requesting a new SSL after they have expired

0

Do I need to delete the expired SSL in the certificate manager before requesting new ones after the originals have expired? I did not renew the SSL and let it expire. The original I'm using 53 for the domain. Do I need to delete the CNAME validation in 53 also, or do I just leave that in there when requesting a new SSL in certificate manager for the same domain? I hope this makes sense. I am not experienced in these actions and could use some help. THANK YOU!

1 Answer
0

You mention CNAME validation, which suggests a DNS-validated certificate, and this should automatically renew 60 days before expiry: https://docs.aws.amazon.com/acm/latest/userguide/dns-renewal-validation.html

If the cert isn't in use then it won't be renewed; is this the situation here? In these circumstances, once the cert is expired it's not eligible for renewal: https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html

  • NOT ELIGIBLE if already expired.

In this case it's best just to start again with a brand new certificate request.

EXPERT
Steve_M
answered a month ago
EXPERT
reviewed a month ago
  • Thank you for your response. I am looking for clarity on the process of requesting new certs after one or more have expired. Do I have to delete the previous CNAME validation in the Route 53 DNS before requesting a new one, and/or do I have to delete the expired SSL in Certificate Manager before requesting a new one for the same domains and ghost domains? Do I have to add the ghost names when I request the SSL, or do I add the ghost domain after I request the SSL on the subdomain I need the SSL for?

  • You can raise a new request with the same Common Name and Subject Alternate Names as the expired cert, and both certs can exist at the same time (this is useful if you want to make sure the settings in the new cert are the same as the old cert).

    When you delete a cert you can also safely delete the corresponding CNAME .txt records from Route 53. Be careful to delete only the records related to that cert.
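
An added example (not part of the answer above, and not AWS tooling) of the "delete only the records related to that cert" check: it compares the validation CNAMEs of the certificate being deleted with those of every other certificate and keeps any record another certificate still references. The dictionaries are assumed to have the shape of the `Certificate` object printed by `aws acm describe-certificate`; the domain names and record values are constructed sample data.

```python
# Added example. Input dicts mirror the "Certificate" object from
# `aws acm describe-certificate`; all names and values below are constructed.

def validation_records(cert):
    """Return the set of (name, type, value) DNS validation records of one cert."""
    records = set()
    for opt in cert.get("DomainValidationOptions", []):
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") == "DNS" and rr:
            # DNS names are case-insensitive and the trailing dot is optional,
            # so normalise both before comparing records between certificates.
            records.add((rr["Name"].lower().rstrip("."), rr["Type"],
                         rr["Value"].lower().rstrip(".")))
    return records

def safe_to_delete(cert_to_delete, other_certs):
    """Records used only by cert_to_delete, i.e. not needed by any live cert."""
    still_needed = set()
    for cert in other_certs:
        if cert["Status"] != "EXPIRED":  # pending or issued certs still rely on DNS
            still_needed |= validation_records(cert)
    return validation_records(cert_to_delete) - still_needed

def _opt(domain, name, value):
    """Build one constructed DomainValidationOptions entry."""
    return {"DomainName": domain, "ValidationMethod": "DNS",
            "ResourceRecord": {"Name": name, "Type": "CNAME", "Value": value}}

# Constructed sample: the expired cert covered two names, the new request one.
EXPIRED = {"Status": "EXPIRED", "DomainValidationOptions": [
    _opt("example.com", "_aaa111.example.com.", "_v1.acm-validations.aws."),
    _opt("old.example.com", "_bbb222.old.example.com.", "_v2.acm-validations.aws."),
]}
NEW = {"Status": "PENDING_VALIDATION", "DomainValidationOptions": [
    _opt("example.com", "_AAA111.example.com", "_v1.acm-validations.aws"),
]}

if __name__ == "__main__":
    for name, rtype, value in sorted(safe_to_delete(EXPIRED, [NEW])):
        print(f"safe to delete: {rtype} {name} -> {value}")
```

Only records printed by the script are candidates for removal from the hosted zone; anything the new request also lists must stay in place for validation and later renewal.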
