Unable to select Custom SSL Certificate (stored in AWS IAM)
Solution 1
It took a whole day to AWS to propagate the new certificate to all of its nodes. Next day when I logged in to my AWS console, the certificate appeared in the dropdown and was enabled as well and I could configure distribution successfully.
Also, be sure to select us-east-1
(N. Virginia) when you make the certificate request; it's the only region that supports it at this time (even if your bucket / asset is in another region)
Solution 2
Only certificates registered in AWS Certificate Manager (ACM) in the US East (N. Virginia) Region will be enabled for use in CloudFront
Solution 3
Import cert into IAM or create one through ACM in us-east-1 as mentioned in the other comments.
Wait for the validation to be complete i.e. not orange.
- Load the cloudfront distribution setting edit page.
- If the Custom SSL option is greyed, logout of the console and log back in. After this step the greyed out option came alive for me. I imagine it being cached somehow and the logout-login refreshing it.
Solution 4
Just wait a few minutes and reload the distribution settings
page to see the custom SSL option ENABLED.
I had the same problem, didn't use my AWS
root account and the IAM
path was correctly set to /cloudfront/
.
Solution 5
Sign in to the console and use this URL: https://console.aws.amazon.com/acm/home?region=us-east-1#/wizard/ and it will work. The key is the region.
Related videos on Youtube
theGeekster
Software Engineer having interest in Software Architecture and Design with experience in: SOA Ruby on Rails PostgreSQL Heroku Github ASP.NET C#, VB.NET Jquery / JavaScript / CoffeeScript JSON REST/SOAP APIs CORS WCF, Web-Services SQL Database (MS SQL Server) No-SQL Database (MongoDB, Radis, etc.) Distributed Databases Dedicated Servers IP-CCTV-Cameras Video Management System SSH-Tunneling Wowza Media Server Streaming/Communication over HTTP/RTSP TDD, Unit Testing Amazon EC2, S3, SES, etc. Microsoft Azure Cloud Services Cloud Servers Setup, RAID Configuration
Updated on February 11, 2021Comments
-
theGeekster about 3 years
I am going to create a new distribution at CloudFront. Already I have uploaded my SSL certificate at AWS IAM using AWS CLI. That certificate appears in the Custom SSL Certificate dropdown on new distribution page but it is DISABLED.
Can someone tell me why is it so ? How to select my custom SSL certificate for this distribution ?
-
elsurudo almost 8 yearsBeen waiting for 3 days now, unfortunately
-
EdsonF over 7 yearsSpot on! This is the solution for this problem - Thanks Ryan
-
Neekey almost 7 yearsRedo the certificate in N. Virginia solved my problem. It's weird certificated actually has different issue status in different regions...lol
-
Terje Dahl over 6 yearsYes, this worked immediately for me also. (I then went back and simply deleted the certificate I made under region=us-west-2)
-
Shea over 6 yearsWhen creating a new CloudFront distribution, Amazon specifically states "You can use a certificate stored in AWS Certificate Manager (ACM) in the US East (N. Virginia) Region, or you can use a certificate stored in IAM."
-
illagrenan over 6 yearsThis is the solution! More relevant link: docs.aws.amazon.com/acm/latest/userguide/acm-regions.html: To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.
-
Simon L. Brazell about 6 yearsThis worked for me, I created the cert as a root user but the custom SSL setting was disabled when editing the distribution even though I could see the cert as an option in the drop-down. After creating an administrator user and signing in as that account the option was no longer disabled.
-
Big Pumpkin about 6 yearsAccording to both docs.aws.amazon.com/acm/latest/userguide/acm-services.html and aws.amazon.com/certificate-manager/faqs, "to use an ACM certificate with CloudFront, you must request or import the certificate in the US East (N. Virginia) region".
-
toti08 over 5 yearsHi @d.balu, could you please provide some more explanation to your answer?
-
williamsandonz almost 5 yearsNice that it was documented somewhere :D
-
Deepan Prabhu Babu over 4 yearsi created a certificate using N.Virginia region in ACM, and DNS validation. It was working in 10 minutes.
-
Josh Hibschman about 4 yearsWhat?! It's 2020 now, this actually is still the fix.
-
peter_v about 4 yearsYes, lost an hour of my life to figure out you need to log out and log in ...
-
MillerMedia almost 4 yearsThis is the best answer. It was log out / log in that ultimately fixed this for me after registered my ACM certificate.
-
Tarun Bhargav over 3 yearsit worked :-) thanks for the tip saved me so much time
-
Abhishek Pankar over 3 yearsI inspected the html and removed the disabled property and selected the certificate lol
-
Dev Utkarsh almost 3 yearsLuckily I got within an hour, exactly after I read this thread.
-
instinct about 2 yearsThey give a small text just above in certificate section in cloudFront these days. This info we tend to miss.