Home / server / Questions / 1032999
In Process
Yevgeniy Afanasyev
Asked: 2020-09-08 17:21:01 +0800 CST

I'm trying to create (SSL/TLS) certificate with AWS, failing

  • 772

I'm trying to request a (SSL/TLS) certificate with AWS Certificate Manager.

but getting this error:

Something went wrong Cannot request more certificates in this account. Contact Customer Service for details.

I tried to make a case Limit Increase: Certificate Manager, but it stays unassigned for 24 hours.

I have never hit a limit of 100 certificates.

It started, when I tried to make a certificate for a domain that was not registered with route 53. Now I cannot even create a certificate for domains that registered with route 53. Was it a coincidence or is it related?

enter image description here

certificate-authority ssl-certificate amazon-web-services

3 Answers

  1. That seems like a glitch in their system, that's hardly something we can help with over here.

    Your best bet - subscribe to a Business support for a month (~ $100/month) and get them to have a look at it.

    • 2

  2. I expect your're at your service quota limit for certificates. Check this link, but change your region in the link before pasting to the region you're using.

    ACM limits

    I have seen some new accounts with very very low limits for some services in the past, particularly in smaller regions. They tend to go up over time. Sometimes odd things can happen as well I guess, like with any system.

    The time it takes to raise a service limit varies. With business or enterprise support you can mark it urgent and it'll probably get done in minutes. For free tier accounts it might take hours or a few days. I've not often done it so not too sure. Do what MLu suggested if you need a fast turnaround, pay for support.

    As I mentioned in the comments, check your limits in a few regions, and try creating a cert in us-east-1 just to see if it works there. CloudFront certs must be in us-east-1.

    You could check your SCPs in AWS Organisations. I often get caught out by the SCPs I've put in place as I tend to put in highly restrictive policies.

    I don't believe this has anything to do with whether the domain is in Route53 - nothing in any of my studies or experience suggest that is likely. I've been using ACM quite a bit recently, it has worked fine regardless of whether the certificate is for a domain in Route53. While we do tend to use Route53, the order that we create the results in (cert first or hosted zone first) appears to make no difference.

    • 1

  3. It was about 40 hours of waiting when I get the response from AWS.

    The main part from the response was:

    I have processed the limit increase as requested. The service limit increase request is currently under review by our service team. Please note that it can take some time for the service team to review your request. This is to ensure that we can meet your needs while keeping existing infrastructure safe.

    In 48 hours it was all back to normal. I just created my certificates fine. Thank you.

    • 1