Description: 

AWS Certificate Manager (ACM) handles the complexity of creating and managing public SSL/TLS certificates for your AWS-based websites and applications. ACM certificates can secure multiple domain names and multiple names within a domain. You can also use ACM to create wildcard SSL certificates that can protect an unlimited number of subdomains.


Rationale: 

Checking whether AWS certificates expire in 7 days can help understand.
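One way to run this check, as an added example that is not part of the original page or of any AWS tooling: it flags certificates whose expiry falls within the 7-day window and reports their renewal state. The function names, the sample ARNs and domains, and the fixed `NOW` timestamp are constructed for illustration; the dictionary keys follow the `Certificate` object returned by ACM `DescribeCertificate`.

```python
from datetime import datetime, timedelta, timezone

def expiring_certificates(certs, now=None, window_days=7):
    """Flag certificates whose NotAfter is within window_days (or already past).
    certs: dicts shaped like the "Certificate" object of ACM DescribeCertificate."""
    now = now or datetime.now(timezone.utc)
    cutoff = now + timedelta(days=window_days)
    findings = []
    for cert in certs:
        not_after = cert.get("NotAfter")
        if not_after is None:            # never issued, e.g. PENDING_VALIDATION
            continue
        if not_after.tzinfo is None:     # treat naive timestamps as UTC
            not_after = not_after.replace(tzinfo=timezone.utc)
        if not_after > cutoff:
            continue
        findings.append({
            "arn": cert["CertificateArn"],
            "domain": cert.get("DomainName"),
            "days_left": (not_after - now).days,   # negative once expired
            "in_use": bool(cert.get("InUseBy")),
            # INELIGIBLE means ACM will not renew this certificate automatically
            "renewal_eligibility": cert.get("RenewalEligibility"),
            "renewal_status": cert.get("RenewalSummary", {}).get("RenewalStatus"),
        })
    return sorted(findings, key=lambda f: f["days_left"])

def fetch_certificates(region):
    """Live input for the check: requires boto3 and AWS credentials."""
    import boto3  # lazy import so the check itself runs offline
    acm = boto3.client("acm", region_name=region)
    arns = [s["CertificateArn"]
            for page in acm.get_paginator("list_certificates").paginate()
            for s in page["CertificateSummaryList"]]
    return [acm.describe_certificate(CertificateArn=a)["Certificate"] for a in arns]

# Constructed sample data: placeholder ARNs and domains, not real resources.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-"
SAMPLE = [
    {"CertificateArn": ARN + "a", "DomainName": "www.example.com",
     "NotAfter": NOW + timedelta(days=3), "RenewalEligibility": "ELIGIBLE",
     "RenewalSummary": {"RenewalStatus": "FAILED"}, "InUseBy": ["placeholder-elb-arn"]},
    {"CertificateArn": ARN + "b", "DomainName": "api.example.com",
     "NotAfter": NOW + timedelta(days=200), "RenewalEligibility": "ELIGIBLE"},
    {"CertificateArn": ARN + "c", "DomainName": "legacy.example.com",
     "NotAfter": NOW - timedelta(days=2), "RenewalEligibility": "INELIGIBLE"},
    {"CertificateArn": ARN + "d", "DomainName": "new.example.com"},
]
if __name__ == "__main__":
    for finding in expiring_certificates(SAMPLE, now=NOW):
        print(finding)
```

For a live account, pass `fetch_certificates("<region>")` in place of `SAMPLE`; ACM is regional, so run it once per region you use.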


Remediation:

ACM attempts to automatically renew your ACM certificate sixty days prior to expiration. See How Domain Validation Works. If ACM cannot automatically renew your certificate, it sends certificate renewal event notices to your Personal Health Dashboard at 45 day, 30 day, 15 day, 7 day, 3 day, and 1 day intervals from expiration to inform you that you need to take action. The Personal Health Dashboard is part of the AWS Health service. It requires no setup and can be viewed by any user that is authenticated in your account.


To use the Personal Health Dashboard:

  • Log in to the Personal Health Dashboard at https://phd.aws.amazon.com/phd/home#/
  • Choose Event log.
  • For Filter by tags or attributes, choose Service.
  • Choose Certificate Manager.
  • Choose Apply.
  • For Event category, choose Scheduled Change.
  • Choose Apply.


If ACM has recently renewed an ACM certificate, you will see information similar to the following. 


Resources: 

https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html

https://docs.aws.amazon.com/acm/latest/userguide/check-certificate-renewal-status.html