0

Document says you need to have CNAME record for automatic renewal (in https://aws.amazon.com/premiumsupport/knowledge-center/certificate-fails-to-auto-renew/)

DNS validated certificates

Update your DNS configuration to include the CNAME records provided by ACM.

And for Loadbalancer, you need A record not CNAME according to (http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/using-domain-names-with-elb.html and RRSet of type CNAME with DNS name foo.com. is not permitted at apex in zone bar.com)

How do I renew the certificate that's used with loadbalancer?

eugene
  • 33,301
  • 47
  • 188
  • 382

1 Answers1

0

If your certificate is created via ACM it will automatically renew itself.

Each certificate is created for a 13 month duration, but 1 month before the certificate is due for renewal the process will start and then be automatically applied to all resources that had the previous certificate.

ACM can renew and deploy public ACM certificates without any additional validation from the domain owner. If a certificate cannot be renewed without additional validation, ACM manages the renewal process by validating domain ownership or control for each domain name in the certificate. After each domain name in the certificate has been validated, ACM renews the certificate and automatically deploys it with your AWS resources. If ACM cannot validate domain ownership, we will let you (the AWS account owner) know.

Chris Williams
  • 23,842
  • 4
  • 14
  • 39