Ensure that your SSL/TLS certificates stored in AWS IAM are renewed 30 (thirty) days before their validity period ends.
When SSL/TLS certificates are not renewed prior to their expiration date, they become invalid and the communication between the client and the AWS resource that implements the certificates (e.g. AWS ELB) is no longer secure.
Note: This guide uses the Elastic Load Balancer (ELB) as the AWS resource that implements server certificates managed by IAM and assumes that the ELBs being verified use valid SSL/TLS certificates for their HTTPS/SSL front-end listeners.
To determine if the SSL/TLS certificates currently stored in IAM are about to expire in 30 days, you need to perform the following:
Note: Getting the certificates' expiration information via the AWS Management Console is not currently supported. To request information about the SSL/TLS certificates stored in AWS IAM, use the Command Line Interface (CLI).
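One way to run this check over the JSON returned by `aws iam list-server-certificates` (an added example, not part of the original guide). The certificate names, ARNs and dates in `SAMPLE_OUTPUT` are constructed, and the function name `certificates_to_renew` is hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws iam list-server-certificates` output.
# Names, ARNs and dates are placeholders, not real resources.
SAMPLE_OUTPUT = """
{"ServerCertificateMetadataList": [
  {"ServerCertificateName": "web-frontend-cert",
   "Arn": "arn:aws:iam::123456789012:server-certificate/web-frontend-cert",
   "Expiration": "2024-02-20T23:59:59Z"},
  {"ServerCertificateName": "api-cert",
   "Arn": "arn:aws:iam::123456789012:server-certificate/api-cert",
   "Expiration": "2025-01-15T12:00:00+00:00"},
  {"ServerCertificateName": "legacy-cert",
   "Arn": "arn:aws:iam::123456789012:server-certificate/legacy-cert",
   "Expiration": "2024-01-10T00:00:00Z"}
]}
"""

RENEWAL_WINDOW = timedelta(days=30)  # threshold stated in this guide


def parse_expiration(value):
    """Parse the CLI timestamp; accepts a trailing 'Z' or a numeric offset."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    # Assumption: a timestamp without an offset is treated as UTC.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def certificates_to_renew(cli_json, now):
    """Return (name, days_left, status) for certs inside the 30-day window."""
    findings = []
    for meta in json.loads(cli_json)["ServerCertificateMetadataList"]:
        remaining = parse_expiration(meta["Expiration"]) - now
        if remaining > RENEWAL_WINDOW:
            continue  # more than 30 days of validity left
        # Already-expired certificates are reported separately from due ones.
        status = "EXPIRED" if remaining <= timedelta(0) else "RENEW"
        findings.append((meta["ServerCertificateName"], remaining.days, status))
    return sorted(findings, key=lambda item: item[1])


if __name__ == "__main__":
    today = datetime(2024, 2, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for name, days, status in certificates_to_renew(SAMPLE_OUTPUT, today):
        print(f"{status:8} {name} ({days} days left)")
```

Against a live account, pass the CLI's JSON output and `datetime.now(timezone.utc)` in place of the sample and the fixed date.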
To renew (replace) the SSL/TLS certificates currently deployed on your Elastic Load Balancers, perform the following: