Managed Renewal for ACM Certificates - AWS Certificate Manager

Managed Renewal for ACM Certificates

ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates.

A certificate is eligible for automatic renewal subject to the following considerations:

  • ELIGIBLE if associated with another AWS service, such as Elastic Load Balancing or CloudFront.

  • ELIGIBLE if exported since being issued or last renewed.

  • ELIGIBLE if it is a private certificate issued by calling the ACM RequestCertificate API and then exported or associated with another AWS service.

  • ELIGIBLE if it is a private certificate issued through the management console and then exported or associated with another AWS service.

  • NOT ELIGIBLE if it is a private certificate issued by calling the ACM Private CA IssueCertificate API.

  • NOT ELIGIBLE if imported.

  • NOT ELIGIBLE if already expired.

When ACM renews a certificate, the certificate's Amazon Resource Name (ARN) remains the same. Also, ACM certificates are regional resources. If you have certificates for the same domain name in multiple AWS Regions, each of these certificates must be renewed independently.