AWS ACM notification about automatically renewing email validated certificates

Here’s the latest communication from AWS:

We have identified your account as an account that uses email validated certificates issued through AWS Certificate Manager (ACM). Due to a policy change by Mozilla, the organization behind the Firefox browser, ACM can no longer automatically renew email validated certificates on your behalf.

Beginning August 2021, email validated certificates will need to be renewed every year by clicking on a validation link that will be mailed when the certificate is 45 days from expiry.

The certificates references to that message are all convox’s internal *.convo-route-*.<region>.convox.site certs, which doesn’t enlist any email addresses for verification purposes.

How is this supposed to work please? Do they auto-renew somehow? How? What will happen to racks that are using those certs?

Thanks,
Ali

We have the same issue…

We too have the same issue…

Hello everyone, Brian from Convox here.

We also received this email from AWS, but you don’t need to worry. Any of the Convox generated certs will automatically renew, as they have been doing this for some time now, and the process hasn’t changed.

SSL renewals for certs on v3 racks under convox.cloud are done with LetsEncrypt.
v2 racks under convox.site are handled by us internally, you do not need to do anything despite the notifications from AWS.

If you have imported your own certs into a Rack, then it’s still down to you to manage those as you wish, but again, this process shouldn’t have changed for you either.

I hope this is helpful.

@Brian-G Very helpful clarification. Thank you so much.

Thanks @Brian-G !