AWS Security ChangesHomeSearch

AWS acm documentation change

Service: acm · 2025-05-01 · Documentation low

File: acm/latest/userguide/domain-ownership-validation.md

Summary

Added HTTP validation as a domain ownership method for CloudFront certificates and updated validation recommendations

Security assessment

Introduces HTTP validation as a new security feature for domain ownership proof, but does not address a specific vulnerability. Enhances security documentation by offering alternative validation methods.

Diff

diff --git a/acm/latest/userguide/domain-ownership-validation.md b/acm/latest/userguide/domain-ownership-validation.md
index 718470432..6a4cddf0a 100644
--- a//acm/latest/userguide/domain-ownership-validation.md
+++ b//acm/latest/userguide/domain-ownership-validation.md
@@ -7 +7 @@
-Before the Amazon certificate authority (CA) can issue a certificate for your site, AWS Certificate Manager (ACM) must prove that you own or control all of the domain names that you specify in your request. You can choose to prove your ownership with either Domain Name System (DNS) validation or with email validation at the time you request a certificate. 
+Before the Amazon certificate authority (CA) can issue a certificate for your site, AWS Certificate Manager (ACM) must prove that you own or control all of the domain names that you specify in your request. You can choose to prove your ownership with Domain Name System (DNS) validation, email validation, or HTTP validation when you request a certificate.
@@ -13 +13 @@ Validation applies only to publicly trusted certificates issued by ACM. ACM does
-In general, we recommend using DNS validation over email validation for the following reasons:
+We recommend using DNS validation over email validation for the following reasons:
@@ -19 +19 @@ In general, we recommend using DNS validation over email validation for the foll
-  * To be renewed, email-validated certificates require an action by the domain owner. ACM begins sending renewal notices 45 days before expiration. These notices go to one or more of the domain's five common administrator addresses. The notifications contain a link that the domain owner can click for easy renewal. Once all listed domains are validated, ACM issues a renewed certificate with the same ARN.
+  * Email-validated certificates require an action by the domain owner to be renewed. ACM begins sending renewal notices 45 days before expiration. These notices go to one or more of the domain's five common administrator addresses. The notifications contain a link that the domain owner can click for easy renewal. Once all listed domains are validated, ACM issues a renewed certificate with the same ARN.
@@ -24 +24,3 @@ In general, we recommend using DNS validation over email validation for the foll
-If you lack authorization to edit your domain's DNS database, you must use [email validation](./email-validation.html) instead.
+If you can't edit your domain's DNS database, you must use [email validation](./email-validation.html) instead.
+
+HTTP validation is available for certificates used with CloudFront. This method uses HTTP redirects to prove domain ownership and offers automatic renewal similar to DNS validation.
@@ -35,0 +38,2 @@ After you create a certificate with email validation, you cannot switch to valid
+  * [AWS Certificate Manager HTTP validation](./http-validation.html)
+