Description

Remove expired Secure Socket Layer/Transport Layer Security (SSL/TLS) certificates with AWS Certificate Manager (ACM).

Rationale

Expired AWS ACM SSL/TLS certificates that are deployed to another resource are at risk of triggering front-end errors and compromising the credibility of a web application.

Remediation

From the console

Follow the Deleting Certificates Managed by ACM docs to learn how to delete SSL/TLS certifications in the AWS Console.

From the command line

1. Run the delete-certificate command to remove the invalid certificate.

   aws acm delete-certificate --certificate-arn insert-certificate-arn-here