aws-acm

Request a new SSL/TLS certificate

$ aws acm request-certificate --domain-name [example.com] --validation-method DNS

$ aws acm list-certificates

$ aws acm describe-certificate --certificate-arn [arn]

$ aws acm import-certificate --certificate [file://cert.pem] --private-key [file://key.pem]

$ aws acm export-certificate --certificate-arn [arn] --passphrase [file://pass.txt]

$ aws acm delete-certificate --certificate-arn [arn]

aws acm command [options]

AWS Certificate Manager (ACM) is a service for provisioning, managing, deploying, and renewing SSL/TLS certificates for AWS-based websites and applications. It simplifies certificate lifecycle management by handling complex tasks like certificate creation, validation, renewal, and deployment.
ACM provides public certificates at no additional charge for use with AWS services like Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. It also supports private certificates for internal resources using AWS Certificate Manager Private Certificate Authority (PCA).
The service automates certificate renewal for ACM-issued certificates, eliminating manual renewal processes and reducing the risk of certificate expiration. Certificates can be validated through DNS validation (recommended) or email validation.
ACM integrates seamlessly with AWS services, allowing automatic deployment and renewal of certificates without manual intervention. Certificates managed by ACM cannot be downloaded but can be exported if they were imported or are private certificates.

add-tags-to-certificate

Add metadata tags to an ACM certificate for organization and billing

Permanently delete a certificate (must not be in use)

Retrieve detailed information about a certificate including status, domain names, and validation details

Export a private certificate and its private key (requires passphrase)

Retrieve account-level ACM configuration settings

Retrieve certificate and certificate chain in PEM format

Import a third-party certificate into ACM for management

List all certificates with optional filtering by status

List all tags attached to a specific certificate

Configure account-level ACM settings like expiration events

Remove metadata tags from a certificate

Manually renew an eligible certificate

Request a new public SSL/TLS certificate from ACM

Resend domain validation email for email-based validation

Update certificate configuration like certificate transparency logging

Wait for certificate state changes (issued, validated)

Certificates managed by ACM cannot be exported unless they were imported or are private certificates. Certificate deletion is permanent and cannot be undone. Certificates must not be associated with any AWS resources before deletion. DNS validation requires the ability to modify DNS records for the domain.

AWS Certificate Manager was launched in January 2016 to simplify SSL/TLS certificate management on AWS. Initially supporting only Elastic Load Balancing, it expanded to CloudFront, API Gateway, and other services. Private CA support was added in April 2018, and DNS validation became available to streamline the validation process.

aws-acm-pca(1), aws-elbv2(1), aws-cloudfront(1), aws-apigateway(1), aws(1)