Impossible to update the intermediate chain on an imported ACM certificate #23869

Closed
zioalex opened this issue Jan 15, 2020 · 2 comments

zioalex commented Jan 15, 2020

Terraform Version

Terraform v0.12.19
+ provider.aws v2.41.0
+ provider.local v1.4.0
+ provider.null v2.1.2
+ provider.random v2.2.1
+ provider.template v2.1.2
...

Terraform Configuration Files

resource "aws_acm_certificate" "wildcard_users_service_domain" {
  count             = local.enable_users_service_lb
  private_key       = local.users_service_ssl_cert_key
  certificate_body  = local.users_service_ssl_cert
  certificate_chain = local.users_service_ssl_cert_chain

  lifecycle {
    create_before_destroy = true
  }
}
...

Debug Output

https://gist.github.com/zioalex/0b4c01ea1a4d6213fee1cff86ae50a46

Crash Output

Expected Behavior

I expect to have the certificate updated with the new cert chain or a new certificate with the updated chain.

Actual Behavior

It fails with:

Error: Error updating certificate: ValidationException: The certificate field contains more than one certificate. You can specify only one certificate in this field.
	status code: 400, request id: ad0750e3-bce4-441b-b3ce-07dd8c48306e

  on ../modules/cluster/loadbalancer.tf line 210, in resource "aws_acm_certificate" "wildcard_users_service_domain":
 210: resource "aws_acm_certificate" "wildcard_users_service_domain" {

Steps to Reproduce

Have a terraform.tfvars with:

users_service_ssl_file_cert = "sslcerts/wildcard.star.com.crt"
# users_service_ssl_file_cert_chain = "sslcerts/rapidssl_intermediate.crt"
users_service_ssl_file_cert_chain = "sslcerts/1.cer"

Then

terraform init
terraform apply

This works correctly and the cert is created.
Change the intermediate chain and re-apply, and it will fail.

Additional Context

I tried to do this with the AWS console and I am able to re-import the same cert with a different chain.

References
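A pre-flight check for the inputs named in the report, added here as an example (it is not code from the issue, from Terraform or from the AWS provider, and it does not diagnose the provider behaviour reported above): it counts the PEM blocks in the text destined for `certificate_body` and `certificate_chain`, so a local bundling mistake can be ruled out before the `ValidationException` is attributed to the provider. The function names and the sample PEM blocks are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM-armoured certificate and captures its base64 payload.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)


def pem_certificates(text):
    """Return the decoded bytes of every certificate block found in `text`."""
    blocks = []
    for match in PEM_CERT.finditer(text):
        payload = "".join(match.group(1).split())  # drop line breaks
        blocks.append(base64.b64decode(payload, validate=True))
    return blocks


def preflight(certificate_body, certificate_chain):
    """Return a list of local input problems; an empty list means none found."""
    problems = []
    body = pem_certificates(certificate_body)
    chain = pem_certificates(certificate_chain)
    if len(body) != 1:
        problems.append(
            f"certificate_body holds {len(body)} certificates, expected exactly 1"
        )
    body_digests = {hashlib.sha256(der).hexdigest() for der in body}
    if any(hashlib.sha256(der).hexdigest() in body_digests for der in chain):
        problems.append("certificate_chain repeats a certificate from certificate_body")
    return problems


def _fake_pem(label):
    # Constructed sample: the payload is arbitrary bytes, not a real X.509 certificate.
    b64 = base64.encodebytes(label.encode() * 20).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


LEAF = _fake_pem("leaf")
INTERMEDIATE = _fake_pem("intermediate")

if __name__ == "__main__":
    print(preflight(LEAF, INTERMEDIATE))                 # leaf and chain kept apart
    print(preflight(LEAF + INTERMEDIATE, INTERMEDIATE))  # bundle placed in the body
```

If the check reports no problems for the files referenced in terraform.tfvars, the inputs themselves each hold what their field expects, which is consistent with the console re-import described under Additional Context.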


ghost commented Jan 15, 2020

This issue has been automatically migrated to hashicorp/terraform-provider-aws#11615 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to hashicorp/terraform-provider-aws#11615.

@ghost ghost closed this as completed Jan 15, 2020

ghost commented Mar 28, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Mar 28, 2020