Did your SSL certificate issued through AWS Amazon Certificate Manager (ACM) recently stop working as expected?
The time of impact is when a certificate expires, a valid certificate will have had no impact.
AWS ACM is a service that issues SSL certificates and certificates are issued by Amazon Trust Services. It’s relatively easy to use. The certificate can be authenticated by DNS and will auto renew. The best bit; it’s completely free provided that the certificate is being used.
The change that was first announced by AWS in June 2024, was first supposed to go live in August 2024 but the rollout date was put back to October.
The change that came in was that ACM stopped cross-signing certificates with Starfield Class 2 (SC2). SC2 is operated by GoDaddy. Many popular browsers will stop trusting SC2 certificates in 2025.
The new certificate chain is illustrated here, the trust anchor is SC2 in this instance. You can see the difference to the old chain, which is illustrated here, the last certificate is cross signed by SC2.
If you have valid certificates, AWS will support them until the end of 2025.
