Amazon Certificate Manager Pro Tip

Avoid email validation: use the DNS validation method and wildcards, for sanity reasons

Published: Thursday, Dec 3, 2020 Last modified: Monday, Jun 14, 2021

Receiving “To approve this request, go to Amazon Certificate Approvals”? You are doing it wrong!

Avoid “URGENT Action Required - Your certificate renewal”

I have a script like so:

#!/bin/bash
awsargs="--region us-east-1"
certs=$(mktemp)
# Single quotes so $certs is expanded when the trap fires, not when it is set
trap 'rm -f "$certs"' EXIT

# No argument: list every certificate; otherwise only domains containing $1
if test -z "$1"
then
	aws $awsargs acm list-certificates \
	| jq '.CertificateSummaryList|sort_by(.DomainName)' > "$certs"
else
	aws $awsargs acm list-certificates \
	| jq --arg search_string "$1" '[.CertificateSummaryList[]|select(.DomainName | contains($search_string))]' > "$certs"
fi

# Print domain, validation method and ARN; index [0] also exists on single-name certificates
while read -r arn
do
	aws $awsargs acm describe-certificate --certificate-arn "$arn" | \
	jq '"\(.Certificate.DomainName),\(.Certificate.DomainValidationOptions[0].ValidationMethod),\(.Certificate.CertificateArn)"'
done < <(jq -r '.[].CertificateArn' "$certs")

From here you want to try to get rid of email validation style certificate requests!
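
One way to take that next step, as an added example that is not part of the original script: it reads the `Certificate` objects returned by `aws acm describe-certificate`, picks out the ACM-issued ones still on email validation, and builds the matching DNS-validated `request-certificate` command plus the list of resources that must be moved to the new certificate. The sample records, ARNs and function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample: "Certificate" objects as returned by
# `aws acm describe-certificate` for three made-up certificates.
SAMPLE = json.loads("""[
 {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/aaaa",
  "DomainName": "example.com", "Type": "AMAZON_ISSUED",
  "SubjectAlternativeNames": ["example.com", "*.example.com"],
  "InUseBy": ["arn:aws:cloudfront::111122223333:distribution/EXAMPLE"],
  "DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationMethod": "EMAIL"},
    {"DomainName": "*.example.com", "ValidationMethod": "EMAIL"}]},
 {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/bbbb",
  "DomainName": "example.org", "Type": "AMAZON_ISSUED",
  "SubjectAlternativeNames": ["example.org"], "InUseBy": [],
  "DomainValidationOptions": [
    {"DomainName": "example.org", "ValidationMethod": "DNS"}]},
 {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/cccc",
  "DomainName": "example.net", "Type": "IMPORTED",
  "SubjectAlternativeNames": ["example.net"], "InUseBy": []}
]""")

def uses_email(cert):
    """True if any name on an ACM-issued certificate is email-validated."""
    opts = cert.get("DomainValidationOptions") or []  # absent on imported certs
    return cert.get("Type") == "AMAZON_ISSUED" and any(
        o.get("ValidationMethod") == "EMAIL" for o in opts)

def dns_request_command(cert, region="us-east-1"):
    """Build the request for a DNS-validated certificate with the same names."""
    argv = ["aws", "--region", region, "acm", "request-certificate",
            "--domain-name", cert["DomainName"], "--validation-method", "DNS"]
    sans = [n for n in cert.get("SubjectAlternativeNames", [])
            if n != cert["DomainName"]]
    if sans:
        argv += ["--subject-alternative-names", *sans]
    # shlex.quote keeps "*.example.com" from being globbed by the shell
    return " ".join(shlex.quote(a) for a in argv)

def migration_plan(certs):
    """For each email-validated cert: old ARN, new request, resources to move."""
    return [{"old_arn": c["CertificateArn"],
             "request": dns_request_command(c),
             "in_use_by": c.get("InUseBy", [])}
            for c in certs if uses_email(c)]

if __name__ == "__main__":
    for step in migration_plan(SAMPLE):
        print(step["old_arn"], step["request"], *step["in_use_by"], sep="\n  ")
```

Only delete the old certificate once every ARN listed under `in_use_by` has been switched to the new one and the DNS validation record is in place.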