AWS Security ChangesHomeSearch

AWS acm documentation change

Service: acm · 2025-05-01 · Documentation low

File: acm/latest/userguide/troubleshooting-renewal.md

Summary

Added HTTP validation renewal documentation and restructured sections

Security assessment

Added guidance for HTTP-validated certificate renewals including redirect configuration requirements, which helps maintain secure certificate management practices but doesn't address a specific vulnerability.

Diff

diff --git a/acm/latest/userguide/troubleshooting-renewal.md b/acm/latest/userguide/troubleshooting-renewal.md
index b0867edb5..1b9bc6177 100644
--- a//acm/latest/userguide/troubleshooting-renewal.md
+++ b//acm/latest/userguide/troubleshooting-renewal.md
@@ -5 +5 @@
-Preparing for automatic domain validationHandling failures in managed certificate renewal
+Preparing for automatic domain validationHandling failures in managed certificate renewalManaged certificate renewal for email-validated certificatesManaged certificate renewal for DNS-validated certificatesManaged certificate renewal for HTTP-validated certificatesUnderstanding renewal timing
@@ -20,0 +21,2 @@ Before ACM can renew your certificates automatically, the following must be true
+  * For HTTP-validated certificates, make sure that your redirects are configured as described in [AWS Certificate Manager HTTP validation](./http-validation.html).
+
@@ -28 +30 @@ As the certificate nears expiration (60 days for DNS, 45 for EMAIL and 60 days f
-### Managed certificate renewal for email-validated certificates
+## Managed certificate renewal for email-validated certificates
@@ -34 +36 @@ See [Validate with Email](./email-validation.html) for instructions on identifyi
-### Managed certificate renewal for DNS-validated certificates
+## Managed certificate renewal for DNS-validated certificates
@@ -54 +56,13 @@ If the problem persists, contact the [Support Center](https://console.aws.amazon
-### Understanding renewal timing
+## Managed certificate renewal for HTTP-validated certificates
+
+ACM attempts to renew HTTP-validated certificates automatically. If renewal fails, it's likely due to issues with the HTTP validation records. In such cases, ACM notifies you that the certificate couldn't be renewed automatically.
+
+###### Important
+
+You must ensure that the content at the `RedirectFrom` location matches the content at the `RedirectTo` location for each domain in the certificate.
+
+You can find the HTTP validation information for your domains by expanding your certificate and its domain entries in the ACM console. You can also retrieve this information using the [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) operation in the ACM API or the [describe-certificate](https://docs.aws.amazon.com/cli/latest/reference/acm/describe-certificate.html) command in the ACM CLI. For more information, see [AWS Certificate Manager HTTP validation](./http-validation.html).
+
+If the problem persists, contact the [Support Center](https://console.aws.amazon.com/support).
+
+## Understanding renewal timing
@@ -64 +78 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Email validation
+Validation timeout