Why can't I find my imported ACM certificate for my load balancer or CloudFront distribution?


I used AWS Certificate Manager (ACM) to request or import a certificate. I tried to configure a load balancer or Amazon CloudFront distribution, but I can't find the certificate.

Short description

If a certificate isn't issued for your domain name, then you can use ACM to request a public certificate. To use a third-party certificate with a load balancer, import the certificate into ACM or upload the certificate to AWS Identity and Access Management (IAM).

Important:

You might not find your imported certificate or ACM certificate for the following reasons:

  • The imported certificate uses an unsupported key algorithm or key size.
  • You didn't request the ACM certificate in the same AWS Region as your load balancer or CloudFront distribution.
  • The imported certificate doesn't have a fully qualified domain name (FQDN) or IP address.

Resolution

The imported certificate uses an unsupported key algorithm or key size

Although ACM allows certificates with key algorithms of RSA 4096-bit and ECDSA, you can't associate these certificates with all load balancers. 

For key algorithms that Network Load Balancers support, see Supported key algorithms.

For Application Load Balancers, you can use imported certificates with the following key algorithms and key sizes:

  • RSA 1024-bit
  • RSA 2048-bit
  • RSA 4096-bit
  • RSA up to 16384 bits
  • ECDSA

For Classic Load Balancers, you can use RSA 4096-bit and RSA 2048-bit.

To install an SSL/TLS certificate, follow these instructions for your load balancer type:

If ACM doesn't support the imported certificate, then import the SSL/TLS certificate to IAM. Then, associate the imported certificate with the load balancer. For more information, see Uploading a server certificate (AWS API).

For information about the key sizes that CloudFront distributions support, see Size of the certificate key.

To install the SSL/TLS certificate on a CloudFront distribution, see Use HTTPS with CloudFront.

You didn't request the ACM certificate in the same Region as your load balancer or CloudFront distribution

You must request or import ACM certificates in the same Region as your load balancer.

To use the ACM certificates with CloudFront, you must import or request the certificates in the US East (N. Virginia) Region. For more information, see AWS Region for ACM.

The imported certificate doesn't have an FQDN or IP address

To use an imported certificate with a load balancer, the certificate must have an FQDN or IP address that's associated with the load balancer or website.

For more information, see Prerequisites for importing certificates.
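The three checks above can be run against a certificate's metadata before you look for it in the console. The following Python sketch is an added example, not AWS code: it assumes the input is the `Certificate` object returned by `aws acm describe-certificate`, the function names are hypothetical, the sample record is constructed, and it encodes only the Application Load Balancer and Classic Load Balancer key lists and the Region rules stated in this article. The name check confirms only that an FQDN or IP address is present, not that it matches your site.

```python
import ipaddress
import re

# Key algorithms per target come from the lists in this article. Network Load
# Balancer and CloudFront key limits are in the linked docs and are not checked.
CLB_ALLOWED = {"RSA_2048", "RSA_4096"}
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn_or_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        pass
    labels = name.rstrip(".").split(".")
    if labels and labels[0] == "*":  # wildcard names such as *.example.com
        labels = labels[1:]
    return len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def key_supported(key_algorithm, target):
    # ACM reports values such as RSA_2048 or EC_prime256v1.
    kind, _, size = key_algorithm.partition("_")
    if target == "alb":
        return kind == "EC" or (kind == "RSA" and size.isdigit() and int(size) <= 16384)
    if target == "clb":
        return key_algorithm in CLB_ALLOWED
    return True  # target not covered by this article's lists

def why_not_listed(cert, target, resource_region):
    """Return the reasons from this article that apply to the certificate."""
    reasons = []
    cert_region = cert["CertificateArn"].split(":")[3]
    # CloudFront reads ACM certificates only from US East (N. Virginia).
    needed = "us-east-1" if target == "cloudfront" else resource_region
    if cert_region != needed:
        reasons.append(f"region: certificate is in {cert_region}, needs {needed}")
    if not key_supported(cert["KeyAlgorithm"], target):
        reasons.append(f"key: {cert['KeyAlgorithm']} not usable with {target}")
    names = [cert.get("DomainName", "")] + cert.get("SubjectAlternativeNames", [])
    if not any(is_fqdn_or_ip(n) for n in names if n):
        reasons.append("name: no FQDN or IP address in the certificate")
    return reasons

# Constructed sample record, not real output.
SAMPLE = {
    "CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID",
    "DomainName": "intranet",
    "SubjectAlternativeNames": ["intranet"],
    "KeyAlgorithm": "EC_prime256v1",
}
```

Call `why_not_listed(SAMPLE, "clb", "eu-west-1")` with `"alb"`, `"clb"` or `"cloudfront"` as the target; an empty list means none of the three causes in this article applies.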

Related information

How can I add certificates for multiple domains to a load balancer using AWS Certificate Manager?

How do I configure my CloudFront distribution to use an SSL/TLS certificate?

ACM certificate characteristics

AWS OFFICIAL. Updated 2 months ago