
Certificates expiring on AWS Amplify

I assumed (incorrectly) that websites hosted on AWS Amplify (a serverless product) didn’t need to worry about managing SSL certificates. Unfortunately, I recently discovered my website showing an SSL certificate error. How could this be possible?

In this post I’ll be going over what happened, the solution, and how to keep your AWS Amplify or serverless websites online.

1.0 The problem

Towards the end of January 2023 I was greeted with the following message:

/aws-amplify-certificate-expired/amplify-cert-1.png

I immediately logged into the AWS Amplify console and found no warnings, no error messages, and no ability to renew certificates.

2.0 Why does this happen?

Amplify uses the AWS Certificate Manager (ACM) service to issue certificates.

To verify domain ownership, ACM will ask you to create a unique ‘CNAME’ DNS record. ACM checks for the presence of this DNS record before it will issue or renew a certificate.

The DNS record must be present at certificate renewal time, otherwise the process will fail.

Info
Customers of Amazon’s Route 53 DNS service should have the DNS record created automatically.
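
A monitoring check for the failure described above, added here as an example and not code from the original post: it reports how many days the served certificate has left and whether the ACM validation CNAME still resolves to the value ACM asked for. The host name, record name, target and 30-day threshold are constructed placeholders, and `dig` is assumed to be installed.

```python
import socket
import ssl
import subprocess
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed alert threshold, not an AWS value


def days_until_expiry(not_after, now=None):
    """Whole days between `now` and a certificate's notAfter string."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days


def cname_matches(dig_output, expected_target):
    """True if any `dig +short CNAME` answer equals the value ACM asked for."""
    want = expected_target.rstrip(".").lower()
    answers = [line.strip().rstrip(".").lower() for line in dig_output.splitlines()]
    return want in answers


def evaluate(days_left, cname_ok, warn_days=WARN_DAYS):
    """Collect the problems that would leave the site with an invalid certificate."""
    problems = []
    if days_left is None:
        problems.append("certificate failed validation (expired or untrusted)")
    elif days_left < warn_days:
        problems.append(f"certificate expires in {days_left} days")
    if not cname_ok:
        problems.append("ACM validation CNAME missing or changed; renewal will fail")
    return problems


def check_site(host, record_name, expected_target):
    """Live check: needs network access and the `dig` binary."""
    try:
        ctx = ssl.create_default_context()
        with socket.create_connection((host, 443), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                days_left = days_until_expiry(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError:
        days_left = None  # an already-expired certificate fails the handshake
    dig = subprocess.run(["dig", "+short", "CNAME", record_name],
                         capture_output=True, text=True, check=False)
    return evaluate(days_left, cname_matches(dig.stdout, expected_target))


if __name__ == "__main__":
    # Constructed placeholders: copy the real record from the Amplify console.
    for problem in check_site("www.example.com", "_placeholder.example.com",
                              "_placeholder.acm-validations.aws"):
        print("WARNING:", problem)
```

Run it from a scheduled job so a deleted or altered validation record is noticed before the renewal fails.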

3.0 Resolution

Unfortunately the only solution I could find was to remove and re-add the domain to Amplify.

To remove the domain:

  1. From the Amplify console, select Domain management
  2. Open the Actions drop-down menu
  3. Select delete

/aws-amplify-certificate-expired/amplify-cert-2.png

To re-add the domain:

  1. From the Amplify console, select Domain management
  2. Click on the Add domain button
  3. Enter your domain name, then click configure domain
  4. Click save

Shortly after re-adding the domain the console will ask you to create a CNAME record.

/aws-amplify-certificate-expired/amplify-cert-3.png

Create the CNAME record as requested and then check the console every 5 minutes or so.

Your website should be back up and running in about 10-15 minutes’ time. Remember to re-point your domain’s A DNS records to the new CloudFront distribution created during the Amplify custom domain wizard.

5.0 Thoughts

AWS Amplify’s simplicity is both a strength and a weakness. Whilst Amplify makes it easy to set up, deploy, and maintain web apps, access to view or alter the backend services often isn’t available.

Thankfully AWS has put some feature requests onto Amplify’s roadmap. Ironically, these features already exist on the backend services.

Going forward I’d love to see an AWS Amplify which created and/or managed resources inside of my AWS account. Hopefully one day that might be possible.
