AWS Certificate Manager
User Guide (Version 1.0)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Testing ACM's Managed Renewal Configuration

You can use the ACM API or AWS CLI to manually test the configuration of your ACM managed renewal workflow. By doing so, you can confirm that your certificates will be renewed automatically by ACM upon expiration.

At this time, you can only test the renewal processes of exported private certificates.


In order to renew your ACM PCA certificates with ACM, you must first grant the ACM service principal permissions to do so. For more information, see Assigning Certificate Renewal Permissions to ACM.

To manually test certificate renewal (AWS CLI)

  1. Use the renew-certificate command to renew a private exported certificate.

    aws acm renew-certificate --certificate-arn arn:aws:acm-pca:region:account:\ certificate/12345678-1234-1234-1234-123456789012
  2. Then use the describe-certificate command to confirm that the certificate's renewal details have been updated.

    aws acm describe-certificate --certificate-arn arn:aws:acm-pca:region:account:\ certificate/12345678-1234-1234-1234-123456789012

To manually test certificate renewal (ACM API)

  • Send a RenewCertificate request, specifying the ARN of the private certificate to renew. Then use the DescribeCertificate operation to confirm that the certificate's renewal details have been updated.