I received the following email from aws and have no idea about what I shall do, if you could help, it would be great!
Greetings from Amazon Web Services,
You have an AWS Certificate Manager (ACM) SSL/TLS certificate in your AWS account that expires on May 07, 2022 at 23:59:59 UTC. That certificate includes the primary domain onearth.studio and a total of 1 domains.
ACM was unable to automatically renew your certificate. The domain validation method for this certificate is email validation. This method requires the domain owner or someone authorized by the domain owner to take one of the following actions before May 07, 2022 at 23:59:59 UTC. If no action is taken, the certificate will expire, which might cause your website or application to become unreachable.
If you can write records into your DNS configuration, you can replace all of your existing email-validated certificates with DNS-validated certificates. After you add a CNAME record to your DNS configuration, ACM can automatically renew your certificate as long as the record remains in place. You can learn more about DNS validation in the ACM User Guide.[1]
If you want to continue using email validation to renew this certificate, the domain owners must use the approval link that was sent in a separate validation request email. The validation email is valid for 3 days. ACM customers can resend the validation email after receiving the first notification or any time up until 3 days after the certificate expires. For more information on how to resend a validation email, refer to the ACM User Guide.[2]
Thx for your answer, I not really sure to understand, they are talking about a certificate that I do not use, is it correct? Does it mean that I have nothing to do?
They wrote: "If no action is taken, the certificate will expire, which might cause your website or application to become unreachable." Hope my website will still be reachable!
Only you can know if you're using the certificate. By opening your website just once, it wasn' t using it. But it might use several certificates and whatnot.
You created the AWS ACM cert last April 2021. Did you experiment with using AWS CloudFront or an Elastic Load Balancer back then? Those are common ways of getting an AWS ACM cert.
I also see your website server is currently sending out the Let's Encrypt cert so it does not look like you are using the AWS one anymore.
Thanks for helping! I do not remember if I used AWS CloudFront or an Elastic Load Balancer and I don't know where to look in order to know which one I have used.
aws wrote that I have to do an action before May 07, 2022 at 23:59:59 UTC, before tonight (I am in France).
Sign on to your AWS Console and go to the AWS Certificate Manager section. You will see more details about the cert there. Any questions are best addressed to AWS though. This is a Let's Encrypt help forum after all
Sorry about that! I am not familiar at all with cert, I didn't know it was only an aws issue. I will have a look at aws Certificate Manager section and I let you know.
It seems to me that I have done something wrong, on aws they say "ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates." it is strange because I though I was only using Let's Encrypt.
9peppe and you saw that my website server is sending out Let's Encrypt cert, I hope it's the only one needed.
Did you go into your AWS Console like I suggested? Because you should see that cert listed in the Certificate Manager section. It has a column for "in use". Is it in use?
More details are shown when you click on the cert in that section. One of those detailed categories is "Associated resources". What AWS service is listed, if any? Are you still using that service? Only you can know whether it is needed.
Mind, this really has nothing to do with Let's Encrypt. I happen to know this because I have an AWS account myself and use those services.
Your best hosting provider is one that you can understand and manage. Let's Encrypt has a list of hosting providers to consider.
Yes I have been to my aws Console, I see in EC2 Dashboard that my instance is running, I can connect to it but I do not find the Certificate Manager section. I've made some research on internet but I can't find it!
You and 9peppe were right, it looks like my website is using only Let's Encript cert (which is a great great thing to know), because today I can still access to my website (https://www.onearth.studio) even if I don't have any certificates on AWS.
Thank you a lot for you help yesterday, I finally found the "hamburger" and the list of certificate and I see today:
Certificates (0) ( There are no certificates in your account.).
Unfortunately I saw your answer only this morning and not yesterday evening, I will never understand why I had an AWS cert the first time.
Let's Encrypt forum and mostly people responding to my requests are just amazing: everytime I ask a question, I got a clear and rapid answer, it is extremely usefull, I love it!
I dream of a Let's Encrypt Hosting Service manage by Let's Encrypt team.