Menu
AWS Certificate Manager
User Guide (Version 1.0)

Limits

The following AWS Certificate Manager (ACM) limits apply to each AWS region and each AWS account. To request higher limits, create a case at the AWS Support Center. New AWS accounts might start with limits that are lower than those that are described here.

Item Default Limit
Number of ACM-provided certificates 100
Number of imported certificates 100
Number of domain names per ACM-provided certificate 10. See the information following this table.

Note

The limit for the number of domain names per ACM Certificate applies only to certificates that are provided by ACM. This limit does not apply to certificates that you import into ACM. The following sections apply only to certificates that are provided by ACM.

Deleting ACM Certificates

Although you can delete ACM Certificates to stay within your assigned limit, you cannot request more than twice that limit per year. For example, if your limit is 10 certificates and you delete unused certificates to avoid hitting that limit, you cannot delete more than 20 certificates issued during the year (last 365 days).

Number of Domain Names per ACM Certificate

The default limit is 10 domain names per ACM Certificate. Your limit may be greater. The first domain name that you submit is included as the subject Common Name (CN) of the certificate. All names are included in the Subject Alternative Name extension.

You can request up to 100 domain names. To request an increase in your limit, create a case at the AWS Support Center. Before creating a case, however, read the following information to make sure you understand how adding more domain names can create more administrative work for you.

Before you can be issued an ACM Certificate, you must validate ownership of all the domain names in the request. For each domain name, you receive up to 8 validation emails, at least 1 of which must be acted upon within 72 hours. For example, when you request a certificate with 5 domain names, you receive up to 40 validation emails, at least 5 of which must be acted upon within 72 hours. As the number of domain names in the certificate request increases, so does the work required to validate ownership of the domains.

Adding or Deleting Domain Names

You cannot add or remove domain names from an existing ACM Certificate. Instead, you must request a new certificate with the revised list of domain names. As with any new certificate, you must validate ownership of all the domain names in the request, including the domain names that you previously validated for the original certificate.

For example, if your certificate has 5 domain names and you want to add 4 more, you must request a new certificate with all 9 domain names. This results in up to 72 emails, at least 9 of which must be acted upon within 72 hours.

As the number of domain names in the certificate request increases, so does the work required to validate ownership of the domains each time you want to make a change to the domain names in the certificate.