Why can't I find my imported certificate for my load balancer or CloudFront distribution?

Last updated: 2019-08-09

I requested or imported a certificate using AWS Certificate Manager (ACM). I'm configuring a load balancer or Amazon CloudFront distribution, but I can't find the certificate.  

Short Description

If you don't have a certificate issued for your domain name, you can request a public certificate using ACM. To use a third-party certificate with a load balancer, you can either import the certificate into ACM or upload a certificate to AWS Identity and Access Management (IAM).

Note: ACM certificates can be used only with services integrated with ACM.

You might not find the imported certificate or ACM certificate if:

  • The certificate imported into ACM is using an algorithm other than 1024-bit RSA or 2048-bit RSA.
  • The ACM certificate wasn't requested in the same AWS Region as your load balancer or CloudFront distribution.

Resolution

The certificate imported into ACM is using algorithms other than 1024-bit RSA or 2048-bit RSA

Although ACM allows you to import certificates with a key algorithm of 4096-bit RSA and EC, these certificates can't be associated with load balancers through integration with ACM.

The following imported key algorithms can be used with load balancers:

Algorithm                  ACM (Preferred)   IAM
1024-bit RSA (RSA_1024)    Yes               Yes
2048-bit RSA (RSA_2048)    Yes               Yes
RSA (up to 16384 bits)                       Yes
Elliptic Curve (ECDSA)                       Yes

If the imported certificate isn't supported by ACM, follow the instructions to import an SSL certificate to IAM. Then, associate the imported certificate with the load balancer. For more information, see Uploading a Server Certificate (AWS API).

To install an SSL certificate on the load balancer, see the following steps based on the type of load balancer that you're using:

For CloudFront distributions, the certificate's key algorithm must be 1024-bit RSA or 2048-bit RSA. For more information, see Size of the Public Key.

To install the SSL certificate on a CloudFront distribution, see Using HTTPS with CloudFront.

The ACM certificate wasn't requested in the same AWS Region as your load balancer or CloudFront distribution

ACM certificates must be requested or imported in the same AWS Region as your Classic Load Balancer or Application Load Balancer.

To use the ACM certificates with Amazon CloudFront, the certificates must be imported or requested in the US East (N. Virginia) Region. For more information, see AWS Region that You Request a Certificate In (for AWS Certificate Manager).
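
The two checks above (key algorithm and Region) can be applied to the JSON that aws acm describe-certificate returns. The following is an added example, not code from AWS or from the original article; the function names and the "load-balancer" and "cloudfront" labels are assumptions made for the example, and the sample certificate is constructed with placeholder IDs.

```python
# Added example: explain why an ACM certificate does not show up as selectable.
# Input is a dict shaped like the output of `aws acm describe-certificate`.

# Key algorithms this article lists as usable through ACM integration.
ACM_INTEGRATED_ALGORITHMS = {"RSA_1024", "RSA_2048"}
CLOUDFRONT_REGION = "us-east-1"  # US East (N. Virginia)


def arn_region(arn):
    """Return the Region field of an ACM ARN (arn:partition:acm:region:...)."""
    parts = arn.split(":")
    if len(parts) < 6 or parts[0] != "arn" or parts[2] != "acm":
        raise ValueError(f"not an ACM certificate ARN: {arn!r}")
    return parts[3]


def diagnose(describe_output, service, resource_region=None):
    """Return a list of reasons the certificate cannot be selected.

    service: "load-balancer" or "cloudfront" (labels chosen for this example).
    resource_region: Region of the load balancer; ignored for CloudFront.
    """
    if service not in ("load-balancer", "cloudfront"):
        raise ValueError(f"unknown service: {service!r}")
    required = CLOUDFRONT_REGION if service == "cloudfront" else resource_region
    if required is None:
        raise ValueError("resource_region is required for a load balancer")
    cert = describe_output["Certificate"]
    findings = []
    algorithm = cert["KeyAlgorithm"]
    if algorithm not in ACM_INTEGRATED_ALGORITHMS:
        hint = ("upload the certificate to IAM instead"
                if service == "load-balancer"
                else "CloudFront requires 1024-bit or 2048-bit RSA")
        findings.append(f"key algorithm {algorithm} is not usable via ACM: {hint}")
    actual = arn_region(cert["CertificateArn"])
    if actual != required:
        findings.append(f"certificate is in {actual}, but {required} is required")
    return findings


# Constructed sample: placeholder account ID and certificate ID.
SAMPLE = {"Certificate": {
    "CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID",
    "KeyAlgorithm": "RSA_4096",
    "Type": "IMPORTED",
}}

if __name__ == "__main__":
    print(diagnose(SAMPLE, "load-balancer", "eu-west-1"))
    print(diagnose(SAMPLE, "cloudfront"))
```

An empty list means neither of the two causes described in this article applies to the certificate.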