Amazon Certificate Manager Pro Tip

Avoid email validation and use DNS Validation Method and wildcards for sanity reasons

Published: Thursday, Dec 3, 2020 Last modified: Thursday, Feb 15, 2024

If you are receiving “To approve this request, go to Amazon Certificate Approvals” emails, you are doing it wrong!

How to do SSL with ACM

AVOID URGENT Action Required - Your certificate renewal

I have a script like so:

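awsargs="--region us-east-1"
# Temporary file for the certificate list, removed on exit
certs=$(mktemp)
trap 'rm -f "$certs"' EXIT

if test -z "$1"
then
	# No argument: list every certificate, sorted by domain name
	aws $awsargs acm list-certificates \
	| jq '.CertificateSummaryList|sort_by(.DomainName)' > "$certs"
else
	# Argument given: keep only certificates whose domain name contains it
	aws $awsargs acm list-certificates \
	| jq --arg search_string "$1" '[.CertificateSummaryList[]|select(.DomainName | contains($search_string))]' > "$certs"
fi

# Print domain, validation method and ARN for each certificate.
# Index 0 is used so that single-name certificates do not print null.
while read -r arn
do
	aws $awsargs acm describe-certificate --certificate-arn "$arn" | \
	jq '"\(.Certificate.DomainName),\(.Certificate.DomainValidationOptions[0].ValidationMethod),\(.Certificate.CertificateArn)"'
done <<< "$(jq -r '.[].CertificateArn' "$certs")"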

From here you want to try to get rid of email validation style certificate requests!
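To decide which email-validated certificates to replace first, the added example below (not part of the original script) triages parsed `describe-certificate` responses by expiry and by whether anything is still attached to them. The function names and the sample data are constructed for illustration, and it assumes `NotAfter` is an ISO 8601 string, as AWS CLI v2 prints it.

```python
from datetime import datetime, timezone

# Constructed sample: trimmed describe-certificate responses (not real ARNs).
ARN = "arn:aws:acm:us-east-1:111122223333:certificate/constructed-"
ELB = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/constructed/1"
SAMPLE = [
    {"Certificate": {"DomainName": "example.com", "CertificateArn": ARN + "1",
                     "NotAfter": "2021-01-02T12:00:00+00:00", "InUseBy": [ELB],
                     "DomainValidationOptions": [{"ValidationMethod": "EMAIL"}]}},
    {"Certificate": {"DomainName": "*.example.org", "CertificateArn": ARN + "2",
                     "NotAfter": "2021-06-01T00:00:00+00:00", "InUseBy": [ELB],
                     "DomainValidationOptions": [{"ValidationMethod": "DNS"},
                                                 {"ValidationMethod": "DNS"}]}},
    {"Certificate": {"DomainName": "old.example.net", "CertificateArn": ARN + "3",
                     "NotAfter": "2020-12-13T00:00:00+00:00", "InUseBy": [],
                     "DomainValidationOptions": [{"ValidationMethod": "EMAIL"}]}},
    # Imported certificates carry no DomainValidationOptions at all.
    {"Certificate": {"DomainName": "imported.example.com", "CertificateArn": ARN + "4",
                     "NotAfter": "2021-03-01T00:00:00+00:00", "InUseBy": []}},
]


def validation_methods(cert):
    """Distinct validation methods across every name on the certificate."""
    options = cert.get("DomainValidationOptions", [])
    return sorted({o.get("ValidationMethod", "UNKNOWN") for o in options})


def triage(responses, now):
    """Return EMAIL-validated certificates, soonest expiry first."""
    findings = []
    for response in responses:
        cert = response["Certificate"]
        if "EMAIL" not in validation_methods(cert):
            continue  # DNS-validated or imported: nothing to migrate
        expires = datetime.fromisoformat(cert["NotAfter"])
        findings.append({
            "domain": cert["DomainName"],
            "arn": cert["CertificateArn"],
            "days_left": (expires - now).days,
            "in_use": bool(cert.get("InUseBy")),  # still attached to a resource?
        })
    return sorted(findings, key=lambda f: f["days_left"])


if __name__ == "__main__":
    for f in triage(SAMPLE, datetime.now(timezone.utc)):
        state = "in use" if f["in_use"] else "unused"
        print(f'{f["domain"]},{f["days_left"]} days,{state},{f["arn"]}')
```

Unused certificates in the result can simply be deleted; the ones still in use need a DNS-validated replacement requested and attached before the old one expires.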