I imported my SSL certificate and certificate chain into AWS Certificate Manager (ACM). I want to associate the certificate with my Amazon CloudFront distribution, but I'm getting the error message "The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain." How can I resolve this error?

The error message indicates that the certificate doesn't meet one or more of the following requirements for importing into ACM, or for association with a distribution:

  • The certificate must be imported in the US East (N. Virginia) Region.
  • The certificate must be 2048 bits or smaller.
  • The certificate must not be password-protected.
  • The certificate must be PEM-encoded.

To associate the imported certificate and certificate chain to your CloudFront distribution, you must be sure they meet these requirements. Or, you can request a public certificate from ACM in the US East (N. Virginia) Region to meet the requirements. Then, you can associate the newly requested certificate with your distribution.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2018-06-20