[FOLIO-3252] Fix AWS ACM cert issue Created: 27/Jul/21  Updated: 03/Aug/21

Status: Open
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task
Priority: P2
Reporter: Peter Murray
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: FOLIO DevOps

 Description   

arn:aws:acm:us-east-1:732722833398:certificate/ff25745c-aab1-4752-b630-520a1a241d5c is *.aws.indexdata.com


From: Amazon Web Services, Inc. <no-reply-aws@amazon.com>
Date: Jul 22, 2021, 3:30 AM -0400
To: folio-aws@openlibraryfoundation.org
Cc: olf-infra@ole-lists.openlibraryfoundation.org
Subject: Changes to AWS Certificate Manager (ACM) email validated certificate renewal workflow [AWS Account: 732722833398]

Hello,

We have identified your account as an account that uses email validated certificates issued through AWS Certificate Manager (ACM). Due to a policy change by Mozilla[1], the organization behind the Firefox browser, ACM can no longer automatically renew email validated certificates on your behalf.

Beginning August 2021, email validated certificates will need to be renewed every year by clicking on a validation link that will be mailed when the certificate is 45 days from expiry. You can read more about Email validated certificates including details on validation email here[2]. Additionally, you can also use CloudWatch metrics and events [3] to monitor and track ACM managed certificates that are approaching expiration.

For your reference, following is the list of your existing email-validated certificates:
arn:aws:acm:us-east-1:732722833398:certificate/ff25745c-aab1-4752-b630-520a1a241d5c

We recommend you migrate to DNS validation[4] if you are able. DNS validated certificates renew automatically as long as the CNAME record is properly configured. There is no way to convert an existing certificate from email validation to DNS validation, but you can request a new certificate at no cost.

Please reach out to AWS support if you have any questions[5].

[1] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#2-certificate-authorities
[2] https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html
[3] https://docs.aws.amazon.com/acm/latest/userguide/cloudwatch-metrics.html
[4] https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
[5] https://aws.amazon.com/support

Sincerely,
Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210


Reference: https://phd.aws.amazon.com/phd/home?region=us-east-1#/event-log?eventID=arn:aws:health:us-east-1::event/ACM/AWS_ACM_OPERATIONAL_NOTIFICATION/AWS_ACM_OPERATIONAL_NOTIFICATION_bdaee11ceb0ce608770647dd4392c1d50a8c88ed2761c064c5cc0aca0ef7096c&eventTab=details
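
Added example (not part of the ticket or of the AWS notice): a Python check that reads `aws acm describe-certificate` JSON responses and reports certificates that still rely on email validation, with days until expiry measured against the 45-day validation-mail window the notice describes. The sample responses, ARNs, domains and dates are constructed, and the status labels and function names are assumptions of this example.

```python
import json
from datetime import datetime, timezone

# Constructed sample: two trimmed `aws acm describe-certificate` responses.
SAMPLE = json.loads("""[
 {"Certificate": {
   "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-EMAIL",
   "DomainName": "*.example.org", "NotAfter": "2021-09-10T12:00:00+00:00",
   "DomainValidationOptions": [
     {"DomainName": "*.example.org", "ValidationMethod": "EMAIL"}]}},
 {"Certificate": {
   "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-DNS",
   "DomainName": "api.example.org", "NotAfter": "2021-08-20T12:00:00+00:00",
   "DomainValidationOptions": [
     {"DomainName": "api.example.org", "ValidationMethod": "DNS"}]}}
]""")

RENEWAL_WINDOW_DAYS = 45  # notice: validation mail is sent 45 days before expiry


def parse_not_after(value):
    """NotAfter arrives as an ISO 8601 string or as epoch seconds."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(value)


def email_validated_findings(responses, now):
    """One finding per certificate with at least one email-validated domain."""
    findings = []
    for resp in responses:
        cert = resp["Certificate"]
        # Imported certificates carry no DomainValidationOptions at all.
        options = cert.get("DomainValidationOptions", [])
        if not any(o.get("ValidationMethod") == "EMAIL" for o in options):
            continue  # DNS validation renews on its own while the CNAME is in place
        days_left = (parse_not_after(cert["NotAfter"]) - now).days
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= RENEWAL_WINDOW_DAYS:
            status = "VALIDATE_NOW"      # a validation link should be in the mailbox
        else:
            status = "PLAN_MIGRATION"    # time to request a DNS-validated replacement
        findings.append({"arn": cert["CertificateArn"], "domain": cert["DomainName"],
                         "days_left": days_left, "status": status})
    return sorted(findings, key=lambda f: f["days_left"])


if __name__ == "__main__":
    for f in email_validated_findings(SAMPLE, datetime.now(timezone.utc)):
        print(f"{f['status']:<15} {f['days_left']:>5}d  {f['domain']}  {f['arn']}")
```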

