AWS acm documentation change
Summary
Added HTTP validation renewal documentation and restructured sections
Security assessment
Added guidance for HTTP-validated certificate renewals including redirect configuration requirements, which helps maintain secure certificate management practices but doesn't address a specific vulnerability.
Diff
diff --git a/acm/latest/userguide/troubleshooting-renewal.md b/acm/latest/userguide/troubleshooting-renewal.md index b0867edb5..1b9bc6177 100644 --- a//acm/latest/userguide/troubleshooting-renewal.md +++ b//acm/latest/userguide/troubleshooting-renewal.md @@ -5 +5 @@ -Preparing for automatic domain validationHandling failures in managed certificate renewal +Preparing for automatic domain validationHandling failures in managed certificate renewalManaged certificate renewal for email-validated certificatesManaged certificate renewal for DNS-validated certificatesManaged certificate renewal for HTTP-validated certificatesUnderstanding renewal timing @@ -20,0 +21,2 @@ Before ACM can renew your certificates automatically, the following must be true + * For HTTP-validated certificates, make sure that your redirects are configured as described in [AWS Certificate Manager HTTP validation](./http-validation.html). + @@ -28 +30 @@ As the certificate nears expiration (60 days for DNS, 45 for EMAIL and 60 days f -### Managed certificate renewal for email-validated certificates +## Managed certificate renewal for email-validated certificates @@ -34 +36 @@ See [Validate with Email](./email-validation.html) for instructions on identifyi -### Managed certificate renewal for DNS-validated certificates +## Managed certificate renewal for DNS-validated certificates @@ -54 +56,13 @@ If the problem persists, contact the [Support Center](https://console.aws.amazon -### Understanding renewal timing +## Managed certificate renewal for HTTP-validated certificates + +ACM attempts to renew HTTP-validated certificates automatically. If renewal fails, it's likely due to issues with the HTTP validation records. In such cases, ACM notifies you that the certificate couldn't be renewed automatically. + +###### Important + +You must ensure that the content at the `RedirectFrom` location matches the content at the `RedirectTo` location for each domain in the certificate. + +You can find the HTTP validation information for your domains by expanding your certificate and its domain entries in the ACM console. You can also retrieve this information using the [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) operation in the ACM API or the [describe-certificate](https://docs.aws.amazon.com/cli/latest/reference/acm/describe-certificate.html) command in the ACM CLI. For more information, see [AWS Certificate Manager HTTP validation](./http-validation.html). + +If the problem persists, contact the [Support Center](https://console.aws.amazon.com/support). + +## Understanding renewal timing @@ -64 +78 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Email validation +Validation timeout