CreateCertificate - Amazon Lightsail


Creates an SSL/TLS certificate for an Amazon Lightsail content delivery network (CDN) distribution.

After the certificate is created, use the AttachCertificateToDistribution action to attach the certificate to your distribution.


Only certificates created in the us-east-1 AWS Region can be attached to Lightsail distributions. Lightsail distributions are global resources that can reference an origin in any AWS Region, and distribute its content globally. However, all distributions are located in the us-east-1 Region.

Request Syntax

{
   "certificateName": "string",
   "domainName": "string",
   "subjectAlternativeNames": [ "string" ],
   "tags": [
      {
         "key": "string",
         "value": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


certificateName

The name for the certificate.

Type: String

Required: Yes


domainName

The domain name for the certificate.

Type: String

Required: Yes


subjectAlternativeNames

An array of strings that specify the alternate domains and subdomains for the certificate.

You can specify a maximum of nine alternate domains (in addition to the primary domain name).

Wildcard domain entries are not supported.

Type: Array of strings

Required: No


tags

The tag keys and optional values to add to the certificate during create.

Use the TagResource action to tag a resource after it's created.

Type: Array of Tag objects

Required: No

Response Syntax

{
   "certificate": {
      "certificateArn": "string",
      "certificateDetail": {
         "arn": "string",
         "createdAt": number,
         "domainName": "string",
         "domainValidationRecords": [
            {
               "domainName": "string",
               "resourceRecord": {
                  "name": "string",
                  "type": "string",
                  "value": "string"
               }
            }
         ],
         "eligibleToRenew": "string",
         "inUseResourceCount": number,
         "issuedAt": number,
         "issuerCA": "string",
         "keyAlgorithm": "string",
         "name": "string",
         "notAfter": number,
         "notBefore": number,
         "renewalSummary": {
            "domainValidationRecords": [
               {
                  "domainName": "string",
                  "resourceRecord": {
                     "name": "string",
                     "type": "string",
                     "value": "string"
                  }
               }
            ],
            "renewalStatus": "string",
            "renewalStatusReason": "string",
            "updatedAt": number
         },
         "requestFailureReason": "string",
         "revocationReason": "string",
         "revokedAt": number,
         "serialNumber": "string",
         "status": "string",
         "subjectAlternativeNames": [ "string" ],
         "supportCode": "string",
         "tags": [
            {
               "key": "string",
               "value": "string"
            }
         ]
      },
      "certificateName": "string",
      "domainName": "string",
      "tags": [
         {
            "key": "string",
            "value": "string"
         }
      ]
   },
   "operations": [
      {
         "createdAt": number,
         "errorCode": "string",
         "errorDetails": "string",
         "id": "string",
         "isTerminal": boolean,
         "location": {
            "availabilityZone": "string",
            "regionName": "string"
         },
         "operationDetails": "string",
         "operationType": "string",
         "resourceName": "string",
         "resourceType": "string",
         "status": "string",
         "statusChangedAt": number
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


certificate

An object that describes the certificate created.

Type: CertificateSummary object


operations

An array of objects that describe the result of the action, such as the status of the request, the timestamp of the request, and the resources affected by the request.

Type: Array of Operation objects
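
The following Python sketch is an added example, not part of the AWS reference. It checks a request against the limits stated on this page (us-east-1 only, at most nine alternate domains, no wildcard entries) before it is sent, and reads the domainValidationRecords out of a response shaped like the Response Syntax above. The function names, the certificate name, the domains and the sample response values are all constructed for illustration.

```python
MAX_ALTERNATE_DOMAINS = 9      # limit stated on this page
REQUIRED_REGION = "us-east-1"  # only Region whose certificates attach to distributions


def build_create_certificate_request(name, domain, alternates=(), tags=None,
                                     region=REQUIRED_REGION):
    """Return a CreateCertificate request body, or raise ValueError."""
    if region != REQUIRED_REGION:
        raise ValueError(f"create the certificate in {REQUIRED_REGION}, not {region}")
    if not name or not domain:
        raise ValueError("certificateName and domainName are required")
    sans = list(alternates)
    if len(sans) > MAX_ALTERNATE_DOMAINS:
        raise ValueError(f"{len(sans)} alternate domains; maximum is {MAX_ALTERNATE_DOMAINS}")
    wildcards = [d for d in sans if "*" in d]
    if wildcards:
        raise ValueError(f"wildcard entries are not supported: {wildcards}")
    request = {"certificateName": name, "domainName": domain}
    if sans:
        request["subjectAlternativeNames"] = sans
    if tags:
        # Tag values are optional, so a None value is sent as a key-only tag.
        request["tags"] = [{"key": k} if v is None else {"key": k, "value": v}
                           for k, v in tags.items()]
    return request


def validation_records(response):
    """List (domain, record name, type, value) from a CreateCertificate response."""
    detail = response["certificate"]["certificateDetail"]
    return [(r["domainName"], r["resourceRecord"]["name"],
             r["resourceRecord"]["type"], r["resourceRecord"]["value"])
            for r in detail.get("domainValidationRecords", [])
            if "resourceRecord" in r]


# Constructed response fragment (placeholder values, not real service output).
SAMPLE_RESPONSE = {"certificate": {"certificateDetail": {"domainValidationRecords": [
    {"domainName": "example.com",
     "resourceRecord": {"name": "_placeholder1.example.com.", "type": "CNAME",
                        "value": "_placeholder2.validation.example."}},
    {"domainName": "www.example.com"},  # constructed entry with no record attached
]}}}

if __name__ == "__main__":
    print(build_create_certificate_request("example-cert", "example.com",
                                           ["www.example.com"]))
    print(validation_records(SAMPLE_RESPONSE))
```

The returned dictionary uses the same keys as the Request Syntax, so it can be passed as keyword arguments to an SDK call such as boto3's Lightsail `create_certificate`.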


Errors

For information about the errors that are common to all actions, see Common Errors.


Lightsail throws this exception when the user cannot be authenticated or uses invalid credentials to access a resource.

HTTP Status Code: 400


Lightsail throws this exception when user input does not conform to the validation rules of an input field.


Domain-related APIs are only available in the N. Virginia (us-east-1) Region. Please set your AWS Region configuration to us-east-1 to create, view, or edit these resources.

HTTP Status Code: 400


Lightsail throws this exception when it cannot find a resource.

HTTP Status Code: 400


A general service exception.

HTTP Status Code: 500


Lightsail throws this exception when the user has not been authenticated.

HTTP Status Code: 400
