AWS Security ChangesHomeSearch

AWS cli medium security documentation change

Service: cli · 2026-06-16 · Security-related medium

File: cli/latest/reference/acm/update-certificate-options.md

Summary

Updated documentation to reflect removal of transparency logging opt-out

Security assessment

Documents enforcement of certificate transparency logging as mandatory security control. Prevents circumvention of certificate monitoring.

Diff

diff --git a/cli/latest/reference/acm/update-certificate-options.md b/cli/latest/reference/acm/update-certificate-options.md
index ca97bb1e7..5aca25535 100644
--- a//cli/latest/reference/acm/update-certificate-options.md
+++ b//cli/latest/reference/acm/update-certificate-options.md
@@ -15 +15 @@
-  * [AWS CLI 2.35.3 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.5 Command Reference](../../index.html) »
@@ -60 +60 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c
-Updates a certificate. You can use this function to specify whether to opt in to or out of recording your certificate in a certificate transparency log and exporting. For more information, see [Opting Out of Certificate Transparency Logging](https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency) and [Certificate Manager Exportable Managed Certificates](https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html) .
+Updates a certificate. You can use this function to specify whether to export your certificate. Certificate transparency logging opt-out is no longer available. For more information, see [Certificate Transparency Logging](https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) and [Certificate Manager Exportable Managed Certificates](https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html) .
@@ -111 +111 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/acm-20
-> Use to update the options for your certificate. Currently, you can specify whether to add your certificate to a transparency log or export your certificate. Certificate transparency makes it possible to detect SSL/TLS certificates that have been mistakenly or maliciously issued. Certificates that have not been logged typically produce an error message in a browser.
+> Use to update the options for your certificate. Currently, you can specify whether to export your certificate. Certificate transparency logging opt-out is no longer available. All public certificates are recorded in a certificate transparency log. For more information, see [Certificate Transparency Logging](https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) .
@@ -115 +115 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/acm-20
->> You can opt out of certificate transparency logging by specifying the `DISABLED` option. Opt in by specifying `ENABLED` .
+>> This parameter has been deprecated. Certificate transparency logging opt-out is no longer available. All public certificates are recorded in a certificate transparency log.
@@ -291 +291 @@ None
-  * [AWS CLI 2.35.3 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.5 Command Reference](../../index.html) »