Wondering how to fix “CloudFront shows old SSL Certificate”? We can help you!
Often our customers report to us that even after renewing an Amazon-issued SSL certificate in AWS Certificate Manager (ACM), CloudFront shows the previous version. The same happens if the SSL certificate is reimported to ACM.
Here at Bobcares, we fix similar issues of our customers as a part of our Server Management Services.
Today let’s see how our Support Engineers do this for our customers.
How to fix CloudFront showing old SSL Certificate
We can fix this issue by importing a new certificate.
This can be done using the AWS Management Console, the AWS CLI, or the ACM API.
Importing via console
Following are the steps our Support Techs use for importing a certificate using the AWS Management Console:
1. Firstly, open the ACM console at https://console.aws.amazon.com/acm/home.
2. Then select Import a certificate.
3. After that we must do the following:
a) For Certificate body, we must paste the PEM-encoded certificate to import.
The certificate may begin with
-----BEGIN CERTIFICATE----- and end with
-----END CERTIFICATE-----.
b) And for Certificate private key, we must paste the certificate’s PEM-encoded, unencrypted private key.
The private key may begin with
-----BEGIN PRIVATE KEY----- and end with
-----END PRIVATE KEY-----.
4. Now click on Review and import.
5. Then check the displayed metadata about the certificate to ensure that it is what we intended.
The fields include the following:
Domains — A list of fully qualified domain names (FQDN) authenticated by the certificate
Expires in — The number of days until the certificate expires
Public key info — The cryptographic algorithm used to generate the key pair
Signature algorithm — The cryptographic algorithm used to create the certificate's signature
Can be used with — A list of ACM integrated services that support the type of certificate you are importing
6. Finally if everything seems to be fine, click Import.
Importing via AWS CLI
In the following example we will see how to import a certificate using the AWS Command Line Interface (AWS CLI).
We will assume the following for importing the certificate in this example:
The PEM-encoded certificate is stored in a file named Certificate.pem.
The PEM-encoded certificate chain is stored in a file named CertificateChain.pem.
The PEM-encoded, unencrypted private key is stored in a file named
We can use the following command to import the certificate:
$ aws acm import-certificate --certificate fileb://Certificate.pem \
      --certificate-chain fileb://CertificateChain.pem \
      --private-key fileb://
If the import-certificate command is successful, it returns the Amazon Resource Name (ARN) of the imported certificate.
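Before pasting into the console or running the CLI command, the three PEM inputs can be checked against the requirements in the steps above: one certificate in the certificate body, matching BEGIN and END lines, and an unencrypted private key. The following Python check is an added example, not Bobcares or AWS code; the function names are hypothetical, the sample data is constructed, and it checks PEM structure only, not that the key matches the certificate.

```python
import base64
import binascii
import re

# One PEM block; the label after BEGIN must match the label after END.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
UNENCRYPTED_KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_blocks(text):
    """Return (label, body) for every well-formed PEM block in text."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]


def is_base64(body):
    try:
        base64.b64decode("".join(body.split()), validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def preflight(cert_pem, key_pem, chain_pem=""):
    """Return a list of problems; an empty list means the structure looks importable."""
    problems = []
    certs, keys, chain = pem_blocks(cert_pem), pem_blocks(key_pem), pem_blocks(chain_pem)
    if [label for label, _ in certs] != ["CERTIFICATE"]:
        problems.append("certificate body must be exactly one CERTIFICATE block")
    if chain_pem.strip() and (not chain or any(l != "CERTIFICATE" for l, _ in chain)):
        problems.append("certificate chain must contain only CERTIFICATE blocks")
    if len(keys) != 1:
        problems.append("private key must be exactly one PEM block")
    else:
        label, body = keys[0]
        # PKCS#8 marks encryption in the label, legacy PEM in a Proc-Type header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
            problems.append("private key is encrypted; decrypt it before import")
            keys = []  # encrypted bodies are not checked as plain base64
        elif label not in UNENCRYPTED_KEY_LABELS:
            problems.append("unexpected private key label: " + label)
    for label, body in certs + chain + keys:
        if not is_base64(body):
            problems.append(label + " block is not valid base64")
    return problems


def sample_pem(label, payload=b"constructed placeholder bytes"):
    """Build a constructed PEM block; the payload is not real key or certificate data."""
    body = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)
```

Call preflight() with the contents of the certificate, private key and chain files; any returned message names the input to fix before the import.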
To conclude, we saw the steps that our Support Techs follow to fix the CloudFront issue of showing an old SSL certificate.