Renewal for domains validated by HTTP - Amazon Certificate Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Renewal for domains validated by HTTP

ACM provides automated managed renewal for certificates that were originally issued using HTTP validation through CloudFront.

At 60 days prior to expiration, ACM checks for the following renewal criteria:

  • The certificate is currently in use by CloudFront.

  • All required HTTP validation records are accessible and contain the expected content.

If these criteria are met, ACM considers the domain names validated and renews the certificate.

ACM sends Amazon Health events and Amazon EventBridge events if it can't automatically validate a domain during renewal. These events are sent at 45 days, 30 days, 15 days, seven days, three days, and one day prior to expiration. For more information, see Amazon EventBridge support for ACM.

To ensure successful renewal, make sure that the content at the RedirectFrom location matches the content at the RedirectTo location for each domain in the certificate.