I'm using a certificate from AWS Certificate Manager (ACM), and my clients are receiving warning messages that say the connection is not secure or private. What can I do to resolve these certificate error messages?

If you are using HTTPS connections, a server certificate is required. A server certificate is an X.509 v3 data structure that is signed by a certificate authority (CA). A server certificate contains the name of the server, the validity period, the public key, and other data. When your browser accesses the web server, all the data fields must be valid. If any data field is considered invalid, such as the validity period or the name of the server, your browser considers the connection to be insecure, and you might receive an error message.

You can receive an error message like this if:

  • The certificate is not valid for the name of the server.
  • The certificate is expired.
  • The SSL/TLS certificate for the website is not trusted.

The certificate is not valid for the name of the server

Check the domain that you are accessing against the domain names included in your certificate. You can view the certificate's domain names by opening the certificate details in your browser. The domain in the URL must match at least one of the domain names included in the certificate.

If you use a wildcard name (*), the wildcard matches only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but the wildcard cannot protect test.login.example.com or example.com. If your website can be accessed by example.com and www.example.com, you can add multiple domain names to your certificate to cover other possible names of your website. For more information, see Request a Certificate.

The certificate is expired

If you use an ACM-issued certificate, ACM tries to renew the certificate automatically. If the certificate is expired, you must issue or import a new certificate. After a new certificate has been issued, confirm that your DNS records are pointing to the AWS resource, such as a load balancer, where the ACM certificate is used. For more information, see Troubleshoot Managed Certificate Renewal Problems.
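The name and validity checks described in the two sections above can be reproduced offline. The following is an added example, not AWS code: it assumes a certificate dictionary shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, uses a constructed sample certificate, and does not check whether the issuer is trusted.

```python
import ssl
from datetime import datetime, timezone

def name_matches(pattern, hostname):
    """True if one certificate name covers hostname.
    A leading '*' stands for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def dns_names(cert):
    """DNS names from a getpeercert()-style dict (assumed input shape)."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def diagnose(cert, hostname, now):
    """Return a list of problems; an empty list means name and dates are valid."""
    problems = []
    if not any(name_matches(n, hostname) for n in dns_names(cert)):
        problems.append("name-mismatch")
    ts = now.timestamp()
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    elif ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not-yet-valid")
    return problems

# Constructed sample certificate, not taken from a real deployment.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
    "notBefore": "Jun 15 12:00:00 2018 GMT",
    "notAfter": "Jul 15 12:00:00 2019 GMT",
}

if __name__ == "__main__":
    now = datetime(2019, 1, 1, tzinfo=timezone.utc)
    for host in ("login.example.com", "example.com", "test.login.example.com"):
        print(host, diagnose(SAMPLE_CERT, host, now) or "ok")
```

Here example.com passes only because it is listed as its own name in the sample certificate; the wildcard entry alone would not cover it.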

The SSL/TLS certificate for the website is not trusted

ACM-issued certificates are trusted by most modern browsers, operating systems, and mobile devices. Update your browser to the latest version or try to access the domain from a different computer and browser. If you imported a self-signed certificate using AWS Certificate Manager (ACM), the certificate might not be trusted by some browsers. To resolve this error, Request a Certificate using ACM or contact your CA.



Published: 2018-05-02