Unable to delete ACM certificate because of association to non-existing resource


I am unable to delete a certificate because it is marked as in use by a CloudFront distribution. This CloudFront distribution is (according to the ARN) in my account, but I cannot see it (using the console or the CLI). The certificate was attached to two distributions. It was detached from the first more than a year ago (when it was deleted), and from the second one about a month ago (it still exists).

Some questions mention waiting a bit (a year seems to qualify) and remaining resources from API Gateway (I haven't used this service at all, and resources are in my account).

I don't have access to technical support (basic account) so I am unable to contact them directly.

1 Answer

You can reference this link to delete an ACM certificate: https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-resources/

answered a year ago
  • I have never used API Gateway, and the distribution seems to be in my account. And since the ARN for the CloudFront distribution contains my account ID, I think I'm supposed to own it. I have checked all the services mentioned in this documentation for resources, but I don't have anything there.

  • Can you check the ARN of the 'Associated Resource' in the certificate in ACM - does it match that of the AWS account that you're in? If not, then it's likely that this is a resource created by API GW and owned by that service. Go into API GW and see if you have any global GWs that have an ACM cert associated with them. https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-delete.html

    If you had API GWs but have recently deleted them, give it some time before deleting the cert. Let me know if this helps.
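The ARN check suggested in the comments above, written out as an added example (it is not part of the original thread and not AWS tooling). It assumes you have saved the JSON from `aws acm describe-certificate` and the distribution IDs returned by `aws cloudfront list-distributions`; the sample data, account IDs, function names and status labels are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output.
# Account IDs and distribution IDs are placeholders, not real values.
SAMPLE_DESCRIBE = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE",
    "InUseBy": [
        "arn:aws:cloudfront::111111111111:distribution/EXAMPLEDIST1",
        "arn:aws:cloudfront::111111111111:distribution/EXAMPLEDIST2",
        "arn:aws:cloudfront::222222222222:distribution/EXAMPLEDIST3",
    ]}})

def parse_arn(arn):
    """Split arn:partition:service:region:account-id:resource into fields."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return dict(zip(("partition", "service", "region", "account", "resource"),
                    parts[1:]))

def classify_associations(describe_json, my_account, visible_distribution_ids):
    """Label every InUseBy ARN (hypothetical helper; labels are this example's).

    other-account         : ARN carries a different account ID than the caller
    own-account-unchecked : caller's account, but not a CloudFront resource
    visible               : caller's distribution that list-distributions returns
    not-listed            : caller's account ID, yet the distribution is not listed
    """
    report = []
    for arn in json.loads(describe_json)["Certificate"].get("InUseBy", []):
        f = parse_arn(arn)
        if f["account"] != my_account:
            status = "other-account"
        elif f["service"] != "cloudfront":
            status = "own-account-unchecked"
        elif f["resource"].split("/", 1)[-1] in visible_distribution_ids:
            status = "visible"
        else:
            status = "not-listed"
        report.append((status, arn))
    return report

if __name__ == "__main__":
    for status, arn in classify_associations(
            SAMPLE_DESCRIBE, "111111111111", {"EXAMPLEDIST1"}):
        print(f"{status:22} {arn}")
```

A `not-listed` row corresponds to the situation described in the question, and an `other-account` row to the case the comment attributes to API Gateway.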
