I am renewing a certificate using AWS Certificate Manager (ACM), and I want to resend the validation email. However, the option is unavailable, or I receive an error message. How do I resolve this issue?

If you use email to validate domain ownership, then ACM sends emails to the three contact addresses listed in WHOIS and to the five common system addresses for the domains specified in the certificate request. If the certificate's renewal status is pending validation, you can Request a Domain Validation Email for Certificate Renewal.

You can't resend the validation email if:

  • The certificate renewal status isn't pending validation.
  • The certificate renewal status is pending validation, and the subject alternative name (SAN) doesn't have the domain validation status as pending validation.
  • The domain was validated using Domain Name System (DNS).

The certificate renewal status isn't pending validation

Follow the instructions to Check a Certificate's Renewal Status. If the certificate renewal status isn't pending validation, then the option to resend the validation email is unavailable (grayed out), or you receive the following error message:

Certificate arn:aws:acm:region:123456789012:certificate/97b4deb6-8983-4e39-918e-ef1378924e1e is not using EMAIL validation for domain example.com.

If the certificate's renewal status is pending validation, then resend the validation email.

If the certificate's renewal status is failed, then you can't request to resend the validation email. Instead, you must Request a Public Certificate.

The certificate renewal status is pending validation, and the subject alternative name (SAN) does not have the domain validation status as pending validation

During the renewal process, if at least one of your domains is automatically validated and you attempt to resend validation emails for the same domains, then you receive the following error:

Certificate arn:aws:acm:region:123456789012:certificate/97b4deb6-8983-4e39-918e-ef1378924e1e is not using EMAIL validation for domain example.com.

To confirm which domains still must be validated, see describe-certificate. You can use the AWS Command Line Interface (AWS CLI) to specify the base validation domain for the email that isn't validated. For more information, see resend-validation-email.

The domain was validated using DNS

If you use DNS to validate domain ownership, the validation email can't be sent again, and the option to resend the validation email isn't available (grayed out) in the AWS Certificate Manager console. If you're using the AWS CLI, you might receive the following error message:

An error occurred (InvalidStateException) when calling the ResendValidationEmail operation: Certificate arn:aws:acm:region:123456789012:certificate/97b4deb6-8983-4e39-918e-ef1378924e1e is not using EMAIL validation for domain example.com.

For more information, see Use DNS to Validate Domain Ownership.
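The three conditions above can be checked from describe-certificate output before calling resend-validation-email. The following is an added example, not AWS's own code: the function name resend_plan and the sample JSON are constructed for illustration, and the field names are assumed to match the RenewalSummary section of the DescribeCertificate response.

```python
import json
import shlex

# Constructed sample of `aws acm describe-certificate` output, trimmed to the
# fields used below. The ARN is the placeholder shown on this page.
SAMPLE = json.loads("""
{"Certificate": {
  "CertificateArn": "arn:aws:acm:region:123456789012:certificate/97b4deb6-8983-4e39-918e-ef1378924e1e",
  "RenewalSummary": {
    "RenewalStatus": "PENDING_VALIDATION",
    "DomainValidationOptions": [
      {"DomainName": "example.com", "ValidationDomain": "example.com",
       "ValidationStatus": "SUCCESS", "ValidationMethod": "EMAIL"},
      {"DomainName": "www.example.com", "ValidationDomain": "example.com",
       "ValidationStatus": "PENDING_VALIDATION", "ValidationMethod": "EMAIL"}
    ]}}}
""")


def resend_plan(description):
    """Return (CLI commands to run, {domain: reason a resend would be rejected})."""
    cert = description["Certificate"]
    renewal = cert.get("RenewalSummary", {})
    status = renewal.get("RenewalStatus")
    # Condition 1: the certificate renewal itself must be pending validation.
    if status != "PENDING_VALIDATION":
        return [], {"*": f"renewal status is {status}"}
    commands, skipped = [], {}
    for opt in renewal.get("DomainValidationOptions", []):
        name = opt["DomainName"]
        if opt.get("ValidationMethod") == "DNS":
            # Condition 3: DNS-validated domains never receive validation email.
            skipped[name] = "validated using DNS"
        elif opt.get("ValidationStatus") != "PENDING_VALIDATION":
            # Condition 2: this SAN is already validated (or has failed).
            skipped[name] = f"domain validation status is {opt.get('ValidationStatus')}"
        else:
            commands.append(shlex.join([
                "aws", "acm", "resend-validation-email",
                "--certificate-arn", cert["CertificateArn"],
                "--domain", name,
                "--validation-domain", opt.get("ValidationDomain", name),
            ]))
    return commands, skipped


if __name__ == "__main__":
    cmds, why_not = resend_plan(SAMPLE)
    print("\n".join(cmds) or "nothing to resend")
    print(why_not)
```

To use it with a real certificate, pass the parsed JSON from `aws acm describe-certificate --certificate-arn <your ARN>` in place of the constructed sample.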



Published: 2018-05-09

Updated: 2019-01-14