
ACM certificate issue request is validated

Classification:

compliance


Description

Validate all Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates in Amazon Certificate Manager (ACM).

Rationale

Requests for ACM certificates time out if they are not validated within 72 hours. If a certificate is not validated, it can interrupt an application or service.

Remediation

Console

Follow the Setting Up DNS Validation or Resending Validation Email docs to validate a certificate in the AWS Console or by email.

CLI

  1. Run resend-validation-email using the ARN of the invalid certificate with your domain and validation-domain.

    resend-validation-email.sh

        aws acm resend-validation-email \
          --certificate-arn arn:aws:acm:us-east-1:1234567890:certificate/a1b2345c-d678-9123-4567-89ab12c2345d \
          --domain www.example.com \
          --validation-domain example.com
        
  2. Click the link in the generated email to navigate to the Amazon Certificates Approvals page, and click the I Approve button.
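
To see which domains on a certificate still need action before the 72-hour window closes, the following added example (not part of the original rule page) reads the JSON that `aws acm describe-certificate` returns and lists the outstanding step per domain. The sample response, its ARN and record values are constructed, and `pending_actions` and `created_at` are hypothetical helper names.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=72)  # validation window from the Rationale above

# Constructed sample shaped like `aws acm describe-certificate` JSON output.
SAMPLE = {"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID",
    "Status": "PENDING_VALIDATION",
    "CreatedAt": "2024-05-01T10:00:00+00:00",
    "DomainValidationOptions": [
        {"DomainName": "www.example.com", "ValidationDomain": "example.com",
         "ValidationStatus": "PENDING_VALIDATION", "ValidationMethod": "EMAIL"},
        {"DomainName": "api.example.com", "ValidationMethod": "DNS",
         "ValidationStatus": "PENDING_VALIDATION",
         "ResourceRecord": {"Type": "CNAME", "Name": "_constructed.api.example.com.",
                            "Value": "_constructed.acm-validations.aws."}},
        {"DomainName": "example.com", "ValidationMethod": "DNS",
         "ValidationStatus": "SUCCESS"}]}}

def created_at(value):
    """Accept both CLI timestamp formats: epoch seconds or ISO 8601."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def pending_actions(response, now):
    """Return (hours_left, actions) for a certificate awaiting validation."""
    cert = response["Certificate"]
    if cert["Status"] != "PENDING_VALIDATION":
        return None, []
    left = (created_at(cert["CreatedAt"]) + WINDOW - now).total_seconds() / 3600
    actions = []
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationStatus") != "PENDING_VALIDATION":
            continue  # this domain is already validated (or failed)
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") == "DNS" and rr:
            actions.append(f"create {rr['Type']} {rr['Name']} -> {rr['Value']}")
        elif opt.get("ValidationMethod") == "EMAIL":  # command from the CLI step
            actions.append("aws acm resend-validation-email"
                           f" --certificate-arn {cert['CertificateArn']}"
                           f" --domain {opt['DomainName']}"
                           f" --validation-domain {opt.get('ValidationDomain', opt['DomainName'])}")
    return max(left, 0.0), actions

if __name__ == "__main__":
    hours, todo = pending_actions(SAMPLE, datetime(2024, 5, 3, 10, tzinfo=timezone.utc))
    print(f"{hours:.0f}h left", *todo, sep="\n")
```

Feed it the output of `aws acm describe-certificate --certificate-arn <arn>` parsed with `json.load` in place of `SAMPLE`.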