1 Answer
You mention CNAME validation, which suggests a DNS-validated certificate, and this should automatically renew 60 days before expiry: https://docs.aws.amazon.com/acm/latest/userguide/dns-renewal-validation.html
If the cert isn't in use then it won't be renewed; is this the situation here? In these circumstances, once the cert is expired it's not eligible for renewal: https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
- NOT ELIGIBLE if already expired.
In this case it's best just to start again with a brand new certificate request.
Thank you for your response. I am looking for clarity on the process of requesting new certs after one or more have expired. Do I have to delete the previous CNAME validation in the Route 53 DNS before requesting a new one, and/or do I have to delete the expired SSL in Certificate Manager before requesting a new one for the same domains and ghost domains? Do I have to add the ghost names when I request the SSL or do I add the ghost domain after I request the SSL on the subdomain I need the SSL for?
You can raise a new request with the same Common Name and Subject Alternate Names as the expired cert, and both certs can exist at the same time (this is useful if you want to make sure the settings in the new cert are the same as the old cert).
When you delete a cert you can also safely delete the corresponding CNAME .txt records from Route 53. Be careful to delete only the records related to that cert.
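The checks discussed in this thread, as an added example that is not part of the original posts: it classifies a certificate by the renewal rules mentioned above and works out which validation CNAME records belong only to the certificate being deleted. It assumes input shaped like the `Certificate` object from ACM's DescribeCertificate response (`Status`, `NotAfter`, `InUseBy`, `DomainValidationOptions`); the sample certificates, record values and ARN are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

RENEWAL_WINDOW = timedelta(days=60)  # managed renewal starts 60 days before expiry

def triage(cert, now):
    """Classify the 'Certificate' dict returned by ACM DescribeCertificate."""
    if cert["Status"] == "EXPIRED" or cert["NotAfter"] <= now:
        return "expired: not eligible for renewal, request a new certificate"
    if not cert.get("InUseBy"):
        return "not in use: will not be renewed"
    methods = {o.get("ValidationMethod") for o in cert["DomainValidationOptions"]}
    if methods != {"DNS"}:
        return "not DNS validated: outside this check"
    if cert["NotAfter"] - now <= RENEWAL_WINDOW:
        return "in renewal window: confirm the CNAME records are still in place"
    return "ok"

def validation_records(cert):
    """(name, value) pairs of the CNAME validation records a certificate uses."""
    return {(o["ResourceRecord"]["Name"], o["ResourceRecord"]["Value"])
            for o in cert["DomainValidationOptions"] if "ResourceRecord" in o}

def records_safe_to_delete(cert_to_delete, certs_to_keep):
    """Records used only by cert_to_delete and by no certificate being kept."""
    kept = set().union(*(validation_records(c) for c in certs_to_keep))
    return validation_records(cert_to_delete) - kept

# Constructed sample data (placeholder names, values and ARN).
def _opt(name, value):
    return {"ValidationMethod": "DNS",
            "ResourceRecord": {"Name": name, "Type": "CNAME", "Value": value}}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
APEX = _opt("_aaa.example.com.", "_111.acm-validations.aws.")
WWW = _opt("_bbb.www.example.com.", "_222.acm-validations.aws.")
EXPIRED = {"Status": "EXPIRED", "NotAfter": NOW - timedelta(days=10),
           "InUseBy": [], "DomainValidationOptions": [APEX, WWW]}
REPLACEMENT = {"Status": "ISSUED", "NotAfter": NOW + timedelta(days=300),
               "InUseBy": ["arn:aws:elasticloadbalancing:region:acct:placeholder"],
               "DomainValidationOptions": [APEX]}

if __name__ == "__main__":
    for label, cert in (("expired", EXPIRED), ("replacement", REPLACEMENT)):
        print(label, "->", triage(cert, NOW))
    print("safe to delete:", records_safe_to_delete(EXPIRED, [REPLACEMENT]))
```

In the sample, the apex-domain record is shared with the replacement certificate, so only the `www` record is reported as safe to remove alongside the expired certificate.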