Certified Security - Specialty


Do you have to purchase the domain from Route53, in order for the ACM certificate to automatically renew?


The exam tip states: "SSL certificates renew automatically, provided you purchase the domain from Route53 and it’s not for an Route53 private hosted zone."

AWS documentation says "ACM can automatically renew DNS-validated certificates before they expire, as long as the DNS record remains in place and the certificates are in use. Renewals are fully automatic and touchless."

If you use a different registrar and host the ACM CNAME record outside of Route53, will you still achieve automatic renewal, assuming AWS can resolve the CNAME record at your registrar (outside of AWS Route53)?

2 Answers

"Automatic renewal is not available for either imported certificates or for certificates associated with Route 53 private hosted zones. You must renew these manually. For more information, see How Manual Domain Validation Works."

https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html

Hello Stacy,

UPDATE for clarification: You do not need to purchase the domain from Route53. I am not sure why the exam tip says that, but it would be worthwhile bringing it up with the course author. My domain wasn’t purchased through Route53, and it renewed automatically this year.

I can confirm that ACM can renew your certificate for domains purchased from another registrar.

The process requires that you click on a confirmation link in an automatically generated e-mail sent by AWS to the various validation e-mails (ex: webmaster@yourdomain.com).

If your AWS root account is different than any of your domain validation e-mail addresses, a reminder is sent to your AWS root account e-mail to check the validation e-mail inboxes.

Regards,

Trevor

Stacy Tucker

Hi Trevor, thank you for this additional information. At the end of this particular course content, my attention was drawn to the exam tip outlined below: "SSL certificates renew automatically, provided you purchase the domain from Route53 and it’s not for an Route53 private hosted zone." I am seeking clarification regarding this comment and the mention of purchasing the domain from Route53. All the best, Stacy

trevorr

You do not need to purchase the domain from Route53. I am not sure why the exam tip says that, but it would be worthwhile bringing it up with the course author. My domain wasn’t purchased through Route53, and it renewed automatically.

Alec Whitehouse

I was going to ask if the renewal was also for domains transferred to Route 53, so it looks like the answer to that is "yes".
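
The renewal conditions quoted in this thread (DNS-validated, CNAME still in place, certificate in use, not imported) can be checked against the output of ACM's DescribeCertificate call. The following is an added example, not part of the original thread or of AWS's code: the dictionary keys follow the DescribeCertificate response, while the certificates, domains, CNAME values and the `published_cnames` lookup table are constructed so it runs offline. The private hosted zone case is not covered.

```python
# Added example. Dict keys follow the ACM DescribeCertificate response;
# all certificates, domains and CNAME values below are constructed.

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def renewal_outlook(cert, published_cnames):
    """Return how `cert` is expected to renew.

    cert: the 'Certificate' dict of a DescribeCertificate response.
    published_cnames: {name: target} as currently resolvable in public DNS
    (hypothetical stand-in for live lookups, so the example runs offline).
    """
    if cert.get("Type") == "IMPORTED":
        return "manual: imported certificate"
    options = cert.get("DomainValidationOptions", [])
    methods = {o.get("ValidationMethod") for o in options}
    if "EMAIL" in methods:
        return "action needed: e-mail validation"
    if methods != {"DNS"}:
        return "unknown validation method"
    if not cert.get("InUseBy"):
        return "not automatic: certificate not in use"
    live = {_norm(k): _norm(v) for k, v in published_cnames.items()}
    for o in options:
        rr = o["ResourceRecord"]
        if live.get(_norm(rr["Name"])) != _norm(rr["Value"]):
            return "not automatic: CNAME missing for " + o["DomainName"]
    return "automatic: DNS-validated, record in place, in use"

DNS_CERT = {
    "Type": "AMAZON_ISSUED",
    "InUseBy": ["arn:aws:elasticloadbalancing:constructed-example"],
    "DomainValidationOptions": [{
        "DomainName": "example.com",
        "ValidationMethod": "DNS",
        "ResourceRecord": {"Name": "_abc123.example.com.", "Type": "CNAME",
                           "Value": "_def456.acm-validations.aws."},
    }],
}
EMAIL_CERT = {"Type": "AMAZON_ISSUED", "InUseBy": ["arn:constructed"],
              "DomainValidationOptions": [{"DomainName": "example.org",
                                           "ValidationMethod": "EMAIL"}]}
IMPORTED_CERT = {"Type": "IMPORTED"}

# Constructed view of what public DNS returns; where the zone is hosted is not an input.
ZONE = {"_abc123.example.com": "_def456.acm-validations.aws"}
```
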
