Menu
AWS Certificate Manager
User Guide (Version 1.0)

Limits

The following AWS Certificate Manager (ACM) limits apply to each AWS region and each AWS account. To request higher limits, create a case at the AWS Support Center. New AWS accounts might start with limits that are lower than those that are described here.

Item Default Limit
Number of ACM Certificates 100
Number of imported certificates 100
Number of domain names per ACM Certificate 10. See the information following this table.
Number of ACM Certificates per year Twice your account limit. See the information following this table.

Note

The limit for the number of domain names per ACM Certificate applies only to certificates that are provided by ACM. This limit does not apply to certificates that you import into ACM. The following sections apply only to certificates that are provided by ACM.

Number of ACM Certificates per Year (last 365 days)

You can request up to twice your limit of ACM Certificates every year. For example, if your limit is 25, you can request up to 50 ACM Certificates a year. If you request 50 certificates, you must of course delete 25 during the year to stay within your limit. If you need more than 25 certificates, you must contact the AWS Support Center.

Note

Although the preceding table indicates that an account can own up to 100 ACM Certificates, new AWS accounts might start with a lower limit.

Number of Domain Names per ACM Certificate

The default limit is 10 domain names per ACM Certificate. Your limit may be greater. The first domain name that you submit is included as the subject Common Name (CN) of the certificate. All names are included in the Subject Alternative Name extension.

You can request up to 100 domain names. To request an increase in your limit, create a case at the AWS Support Center. Before creating a case, however, read the following information to make sure you understand how adding more domain names can create more administrative work for you.

Before you can be issued an ACM Certificate, you must validate ownership of all the domain names in the request. For each domain name, you receive up to 8 validation emails, at least 1 of which must be acted upon within 72 hours. For example, when you request a certificate with 5 domain names, you receive up to 40 validation emails, at least 5 of which must be acted upon within 72 hours. As the number of domain names in the certificate request increases, so does the work required to validate ownership of the domains.

Adding or Deleting Domain Names

You cannot add or remove domain names from an existing ACM Certificate. Instead, you must request a new certificate with the revised list of domain names. As with any new certificate, you must validate ownership of all the domain names in the request, including the domain names that you previously validated for the original certificate.

For example, if your certificate has 5 domain names and you want to add 4 more, you must request a new certificate with all 9 domain names. This results in up to 72 emails, at least 9 of which must be acted upon within 72 hours.

As the number of domain names in the certificate request increases, so does the work required to validate ownership of the domains each time you want to make a change to the domain names in the certificate.