Certificates that are not renewed before their expiration date become invalid. Invalid certificates make communication between the client and AWS resources insecure. Check to see AWS Certificates expire in 7 days can help understand.
ACM attempts to automatically renew your ACM certificate 60 days before expiration. If ACM cannot automatically renew your certificate, it sends certificate renewal event notices to your AWS Personal Health Dashboard at 45 days, 30 days, 15 days, 7 days, 3 days, and 1-day intervals from expiration to inform you that you need to take action. The AWS Personal Health Dashboard is part of the AWS Health service. It requires no setup and can be viewed by any user that is authenticated in your account.
ACM attempts to automatically renew your ACM certificate sixty days before expiration.
ACM certificates need to be there in your AWS account
4. If you don't see the status, ACM hasn't started the managed renewal process for this certificate.
Step1: Sign in to the AWS Management Console
Step2: Navigate to the AWS ACM dashboard at https://console.aws.amazon.com/acm/.
Step3:Select the SSL/TLS certificate that you want to examine and click on the Show/Hide Details button
Step4: Inside the Details section, verify the certificate expiration information
If the Expires in the attribute value is set to 30 days, the selected SSL/TLS certificate is expiring in 30 days and should be renewed soon
Step5: Click the Actions button from the dashboard top menu and select the Reimport certificate option from the dropdown menu.
Step6: On the Import a certificate page, perform the following actions
1. For Certificate body*, paste the PEM-encoded certificate to import, purchased from your SSL certificate provider.
2. For Certificate private key*, paste the PEM-encoded, unencrypted private key that matches the SSL/TLS certificate public key
3. Click the Review and import button to continue the process.
Step7: On the Review and import page, review the imported certificate details then click Import to confirm the action and complete the renewal process
Using AWS CLI:
aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
Back out Plan:
If you want to revoke the changes follow the implementation steps undo 6step and schedule your event days