Automate export of a renewed certificate
When you use Amazon Private CA to create a CA, you can import that CA into Amazon Certificate Manager and let ACM manage certificate issuance and renewal. If a certificate being renewed is associated with an integrated service, the service seamlessly applies the new certificate. However, if the certificate was originally exported for use elsewhere in your PKI environment (for example, in an on-premises server or appliance), you need to export it again after renewal.
For a sample solution that automates the ACM export process using Amazon EventBridge and Amazon Lambda, see Automating export of renewed certificates.