Expired ACM certificate

Neglected assets

Expired ACM certificate

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

Description

ACM Certificate ('{AwsCertificate}') expired on {AwsCertificate.ExpirationDate} and should be renewed or deleted. Removing expired ssl certificates eliminates the risk that an invalid certificate will be deployed accidentally to another resource (such as ELB), action that can trigger front-end errors and damage the credibility of the web application/website behind the load balancer.

Recommended Mitigation

Renew or delete ACM Certificate. ## Remediation --- Sign in to the AWS Management Console, open the **[ACM console](https://console.aws.amazon.com/acm)**, and choose one of the following: >1. Delete the expired certificate: >>a. Choose the desired certificate. >>b. Choose **Delete**. >>c. In the confirmation dialog box, type **delete** in the text input field to confirm the deletion of the certificate. Choose **Delete**. >2. Renew the expired certificate: >>When a certificate comes up for renewal, ACM uses the same method that you chose earlier to re-validate your ownership (DNS/email). The following topics describe how the renewal process works in each case: >>- **[Renewal for domains validated by DNS](https://docs.aws.amazon.com/acm/latest/userguide/dns-renewal-validation.html)**. >>- **[Renewal for domains validated by email](https://docs.aws.amazon.com/acm/latest/userguide/email-renewal-validation.html)**.

Expired ACM certificate

Description

Need help?