我的AWS Elastic Load Balancer上的SSL证书即将过期,我需要用一个新证书替换它。
我已经将新证书/捆绑包/密钥上传到IAM,但不会在Load Balancer设置的下拉列表中显示,应该让我选择要应用的证书。
这是我将aws iam list-server-certificates放入时的输出
我认为这表明我已将新证书上载到IAM ok。列表中最重要的证书是一个现在即将到期的证书,另外两个是我最近上传的证书,目的是替换它(实际上是两次尝试使用相同的pem文件上传)。
下图显示只有一个证书可供选择以应用于负载均衡器。不幸的是,它即将到期。
令我感到有些奇怪的是,下拉列表中的证书名称ptdsslcert-与aws iam list-server-certificates输出中的名称不同,即使它是即将到期的同一证书。
I'm really stuck here and if I don't figure this out soon I'm going to have an expired certificate on my domain so I would be really appreciative of any help on this.
The AWS CLI uses a provider chain to look for AWS credentials in a number of different places, including system or user environment variables and local AWS configuration files.
http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
Although it's hard to guess the specific local machine configuration issue that resulted in the behavior observed, as noted in the comments, this appeared to be an issue where aws cli
was using two different sets of credentials to access two different services, and these two sets of credentials were actually from two different AWS accounts.
The ServerCertificateName
returned by the API (accessed through the CLI) should have matched the certificate name shown in the console drop-down for Elastic Load Balancer certificate selection.
The composition of ARNs (Amazon Resource Names) varies by service, but often includes the AWS account number. In this case, the account number shown in the CLI output did not match what was visible in the AWS console... leading to the conclusion that the issue was that an AWS account other than the intended one was being accessed by aws cli
.
As cross-confirmed by the differing display names, the "existing" certificate, uploaded a year ago, may have had the same content but was in fact a different IAM entity than the one seen in the dropdown, as the two certificates were associated with entirely different accounts.
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句