8

I have been managing Let's Encrypt's SSL certificates for a domain.

Now I am moving to Amazon API gateway. I will be using the AWS Certificate Manager to generate HTTPS certificates for the root domain and a bunch of subdomains.

If I make the transfer, what happens to my current HTTPS certificate which is associated with my domain. If browsers suddenly start seeing a new HTTPS certificate for a domain, for which they had been getting a different HTTPS certificate until now, would this be a problem?

Also, once I make the shift, what do I do with my current (manually managed) Let's Encrypt certificate? Is there a way to permanently void it?

Tiago Martins Peres
  • 14,289
  • 18
  • 86
  • 145
treecoder
  • 43,129
  • 22
  • 67
  • 91

2 Answers2

7

Szabolcs Dombi says

You can have multiple valid certificates for the same domain at the same time. Moving from one certificate issuer to another should not cause a problem.

Toby Osbourn says

SSL certificates don’t last forever, most of them need to be renewed on a yearly cycle and occasionally you will want to change the type of the SSL certificate mid-cycle.

Since you are replacing certificates, I suggest you to back up the ones you have.

Once you have backed up the old certificates, just overwrite the .crt and .key files with your new ones. Then, reload your web server so it knows to look at these new certificates, and you should be good to go.

If it's within your interest to know more about how to Generate SSL certificate using Amazon Certificate Manager (ACM), I suggest Barguzar, A. (July 2018). Building Serverless Python Web Services with Zappa. where one can read a good step by step guide. See an excerpt of it below:

ACM is a service that manages and creates SSL/TSL certificates for AWS-based services and applications. An ACM certificate works with multiple domain names and subdomains. You can also use ACM to create a wildcard SSL.

ACM is strictly linked with AWS Certificate Manager Private Certificate Authority (ACM PCA). ACM PCA is responsible for validating the domain authority and issuing the certificate.

Tiago Martins Peres
  • 14,289
  • 18
  • 86
  • 145
2

You can have multiple valid certificates for the same domain at the same time. Moving from one certificate issuer to another should not cause a problem. This also means that if you create a new certificate the old one still can be used unless it already expired.

Szabolcs Dombi
  • 5,493
  • 3
  • 39
  • 71