Why is my ACM certificate marked as ineligible for renewal?
Last updated: 2022-06-09
I want to renew my AWS Certificate Manager (ACM) certificate. However, the certificate details value is ineligible for renewal.
ACM certificates might be ineligible for renewal if:
- The certificate isn't associated with another AWS service.
- The certificate is expired.
- The certificate is imported.
- It's a private certificate issued with the IssueCertificate API call.
Follow these instructions for your use case.
Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.
The certificate isn't associated with another AWS service
ACM certificates must be associated with another AWS service such as Elastic Load Balancing (ELB).
If the certificate details metadata In use? value is No, this means that your ACM certificate isn't associated with an AWS service.
For a list of supported AWS services with ACM, see Services integrated with AWS Certificate Manager.
The certificate is expired
Expired certificates aren't eligible for renewal. If the certificate is expired, you can request a new certificate.
For more information, see Check a certificate's renewal status.
The certificate is imported
ACM doesn't provide managed renewal for imported certificates. To renew an imported certificate, request a new certificate from your certificate issuer. Then, follow the instructions to manually reimport the certificate into ACM.
Private certificate issued with the IssueCertificate API call
ACM doesn't manage the renewal of private certificates issued by calling the ACM Private CA IssueCertificate API. You can request a new certificate before the certificates expiration date from your CA.
For more information, see Managed renewal for ACM certificates.