From dc50ae37de9dd5e8e28b2599c1f13b529226e093 Mon Sep 17 00:00:00 2001 From: Ben Doyle Date: Tue, 22 Aug 2017 09:21:01 +0100 Subject: [PATCH] Move inline emojis to own sub points I've removed the top duplicate of the "need to request new cert" gotcha comments/death threats about this welcome. --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f0b0629..7eeaaf3 100644 --- a/README.md +++ b/README.md 
@@ -1816,15 +1816,16 @@ Certificate Manager - 🔹**Supported services:** Managed [Load Balancers](#load-balancers), [CloudFront](#cloudfront), [API Gateway](#api-gateway) and [Elastic Beanstalk](https://aws.amazon.com/elasticbeanstalk/). - 🔸During the domain validation process, Certificate Manager will send an email to every contact address specified in the domain’s WHOIS record and up to five common administrative addresses. Some anti-spam filters can mark emails as spam because of this. You should check the spam folder of your email if you don’t receive a confirmation email. -- 🔹 Setting up a certificate for a test domain you don't have email set up on? Use [AWS Work Mail](http://docs.aws.amazon.com/workmail/latest/userguide/what_is.html) to quickly set up an email for the domain to approve the request. Make sure to tear it down after. -- 🔹Remember when requesting a wildcard domain that the request will not be valid for the level just below the wildcard, or any subdomains preceding the wildcard. Take for example an approved, issued certificate for `*.bar.example.com`. This would be valid for `foo.bar.example.com` but not `bar.example.com`. Likewise it would also not be valid for `www.bar.example.com`. You would need to add each of these domains to the certificate request. **Note** this is not a limitation of AWS Certificate Manger, but rather how SSL certificate Common Name fields work in general. 🔸As per below, you cannot add/remove domains to existing certificates, and must request a new one. +- 🔹 Setting up a certificate for a test domain you don't have email set up on? Use [AWS WorkMail](http://docs.aws.amazon.com/workmail/latest/userguide/what_is.html) to quickly set up an email for the domain to approve the request. Make sure to tear it down after. +- 🔹Remember when requesting a wildcard domain that the request will not be valid for the level just below the wildcard, or any subdomains preceding the wildcard. 
Take for example an approved, issued certificate for `*.bar.example.com`. This would be valid for `foo.bar.example.com` but not `bar.example.com`. Likewise it would also not be valid for `www.bar.example.com`. You would need to add each of these domains to the certificate request. ### Certificate Manager Gotchas and Limitations - 🔸In order to use **Certificate Manager** for CloudFront distributions, the certificate must be issued or imported from us-east-1 (N. Virginia) region. - 🔸Certificates used with Elastic Load Balancers must be issued in the same region as the load balancer. Certificates can not be moved or copied between regions, as of July 2017. If a domain uses load balancers present in multiple regions, a different certificate must be requested for each region. - 🔸**IoT** has its [own way](http://docs.aws.amazon.com/iot/latest/developerguide/create-device-certificate.html) of setting up certificates. -- 🔸By default maximum number of domains per certificate is 10. You can get this limit increased to a maximum of 100 by contacting AWS support. **Note** for every different domain you have on the requested cert, you'll need to press accept on an email sent to that domain. For example if you request a cert with 42 different domains or sub domains, you'll need to press accept on 42 different links. 🔹If you request a limit increate to AWS support for this, they will respond to you asking to confirm this. Bypass this by saying in the body of your initial request: +- 🔸By default maximum number of domains per certificate is 10. You can get this limit increased to a maximum of 100 by contacting AWS support. **Note** for every different domain you have on the requested cert, you'll need to press accept on an email sent to that domain. For example if you request a cert with 42 different domains or sub domains, you'll need to press accept on 42 different links. 
+ - 🔹If you request a limit increate to AWS support for this, they will respond to you asking to confirm this. Bypass this by saying in the body of your initial request: ```"I acknowledge at the moment, there is no method to add or remove a name from a certificate. Instead, you must request a new certificate with the revised namelist and you must then re-approve all of the names in the certificate, even if they'd been previously approved."``` - 🔸There is no way at the moment to add or remove a domain to an existing certificate. You must request a new certificate and re-approve it from each of the domains requested.
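Review bot: The wildcard bullet this hunk rewrites still says a certificate for `*.bar.example.com` would not be valid for `www.bar.example.com`, but that name sits one label below the wildcard exactly as `foo.bar.example.com` does, so it is covered. The case the sentence appears to mean ("subdomains preceding the wildcard") is a deeper name such as `www.foo.bar.example.com`. Since the bullet is being edited anyway, suggest correcting the example here. The new version of that bullet also drops the "**Note** this is not a limitation of AWS Certificate Manger, but rather how SSL certificate Common Name fields work in general" sentence, while the commit message mentions only removing the duplicate "need to request new cert" gotcha. Either keep the note (fixing "Manger") or state in the message that it was removed on purpose. In the last added line, the new sub-point still reads "limit increate"; "limit increase" is meant.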