AWS Certificate Manager
User Guide (Version 1.0)

Configure Your Domain for Automatic Validation

ACM tries to automatically renew your Amazon-issued SSL/TLS certificates before they expire so that no action is required from you. To renew your certificate automatically, the following must be true:

  • ACM must be able to establish an HTTPS connection with each domain in the certificate.

  • For each connection, the certificate that is returned must match the one that ACM is renewing.

To increase the likelihood that ACM can renew your certificate automatically, do the following:

Use the certificate with an AWS resource

Make sure that your certificate is in use with a supported AWS resource. For example, you can use your ACM Certificate with an HTTPS listener for an Application Load Balancer or a Classic Load Balancer in Elastic Load Balancing, or with an Amazon CloudFront distribution.

Configure the resource to accept HTTPS requests from the Internet

Make sure that the AWS resource that has your ACM Certificate, such as the Elastic Load Balancing load balancer or the CloudFront distribution, is configured to accept HTTPS requests from the Internet.

Configure DNS to route your domain name to the resource that hosts your ACM Certificate

Make sure that HTTPS requests to the domain names in your certificate are routed to the resource that has your certificate.