How does the ACM managed renewal process work with email-validated certificates?

Last updated: 2022-03-29

I have an email-validated certificate with AWS Certificate Manager (ACM). How does ACM managed renewal work with email-validated certificates?

Resolution

ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. An email-validated certificate is eligible for renewal if it's associated with AWS services integrated with AWS Certificate Manager.

ACM certificates are valid for 13 months (395 days). To be renewed, email-validated certificates require an action by the domain owner. ACM begins sending renewal notices 45 days before expiration, to the domain's WHOIS mailbox addresses and to five common administrator addresses. The notifications contain a link that the domain owner can choose to approve the renewal. After all listed domains are validated, ACM issues a renewed certificate with the same ARN. For more information, see Renewal for domains validated by email.

You can use the AWS Certificate Manager console or the ACM API to request that ACM send you a domain validation email for your certificate renewal. For instructions, see Request a domain validation email message.
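To find which domains still need a validation email, you can inspect the output of the ACM DescribeCertificate API. The following is an added example, not code from the original article: it takes the "Certificate" structure of a DescribeCertificate response and returns the arguments for ResendValidationEmail for each email-validated domain that the owner has not yet approved. The function name and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

NOTICE_WINDOW = timedelta(days=45)  # ACM starts renewal notices 45 days before expiry

def pending_email_validations(cert, now):
    """Return ResendValidationEmail arguments for domains still awaiting approval.

    cert: the "Certificate" dict of a DescribeCertificate response.
    """
    if cert.get("RenewalEligibility") != "ELIGIBLE":
        return []      # not associated with an integrated service
    if cert["NotAfter"] - now > NOTICE_WINDOW:
        return []      # outside the 45-day renewal notice window
    requests = []
    renewal = cert.get("RenewalSummary", {})
    for opt in renewal.get("DomainValidationOptions", []):
        if opt.get("ValidationMethod") != "EMAIL":
            continue   # DNS-validated names need no email approval
        if opt.get("ValidationStatus") == "SUCCESS":
            continue   # the domain owner already approved this name
        requests.append({
            "CertificateArn": cert["CertificateArn"],
            "Domain": opt["DomainName"],
            "ValidationDomain": opt.get("ValidationDomain", opt["DomainName"]),
        })
    return requests

# Constructed sample data (placeholder ARN and domains, not a real certificate).
NOW = datetime(2022, 3, 29, tzinfo=timezone.utc)
ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"
SAMPLE = {
    "CertificateArn": ARN,
    "RenewalEligibility": "ELIGIBLE",
    "NotAfter": NOW + timedelta(days=30),
    "RenewalSummary": {
        "RenewalStatus": "PENDING_VALIDATION",
        "DomainValidationOptions": [
            {"DomainName": "example.com", "ValidationDomain": "example.com",
             "ValidationMethod": "EMAIL", "ValidationStatus": "SUCCESS"},
            {"DomainName": "www.example.com", "ValidationDomain": "example.com",
             "ValidationMethod": "EMAIL", "ValidationStatus": "PENDING_VALIDATION"},
        ],
    },
}

if __name__ == "__main__":
    for req in pending_email_validations(SAMPLE, NOW):
        print(req)  # each dict can be passed to boto3 acm.resend_validation_email(**req)
```

Running this on a schedule for every certificate returned by ListCertificates gives early warning of a renewal that is stalled on an unanswered validation email.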

Instead of manually validating email-validated ACM certificates, you can also automate the validation. For instructions, see Automating email validation.

Note: These scenarios don't apply if you use DNS to validate domain ownership.