Documentation

Describes a load balancer SSL/TLS certificate.

TLS is just an updated, more secure version of Secure Socket Layer (SSL).

See: newLoadBalancerTlsCertificate smart constructor.

Create a value of LoadBalancerTlsCertificate with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:failureReason:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_failureReason - The validation failure reason, if any, of the certificate.

The following failure reasons are possible:

• NO_AVAILABLE_CONTACTS - This failure applies to email validation, which is not available for Lightsail certificates.

• ADDITIONAL_VERIFICATION_REQUIRED - Lightsail requires additional information to process this certificate request. This can happen as a fraud-protection measure, such as when the domain ranks within the Alexa top 1000 websites. To provide the required information, use the AWS Support Center to contact AWS Support.

  You cannot request a certificate for Amazon-owned domain names such as those ending in amazonaws.com, cloudfront.net, or elasticbeanstalk.com.

• DOMAIN_NOT_ALLOWED - One or more of the domain names in the certificate request was reported as an unsafe domain by VirusTotal. To correct the problem, search for your domain name on the VirusTotal website. If your domain is reported as suspicious, see Google Help for Hacked Websites to learn what you can do.

  If you believe that the result is a false positive, notify the organization that is reporting the domain. VirusTotal is an aggregate of several antivirus and URL scanners and cannot remove your domain from a block list itself. After you correct the problem and the VirusTotal registry has been updated, request a new certificate.

  If you see this error and your domain is not included in the VirusTotal list, visit the AWS Support Center and create a case.

• INVALID_PUBLIC_DOMAIN - One or more of the domain names in the certificate request is not valid. Typically, this is because a domain name in the request is not a valid top-level domain. Try to request a certificate again, correcting any spelling errors or typos that were in the failed request, and ensure that all domain names in the request are for valid top-level domains. For example, you cannot request a certificate for example.invalidpublicdomain because invalidpublicdomain is not a valid top-level domain.
• OTHER - Typically, this failure occurs when there is a typographical error in one or more of the domain names in the certificate request. Try to request a certificate again, correcting any spelling errors or typos that were in the failed request.

$sel:subject:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_subject - The name of the entity that is associated with the public key contained in the certificate.

$sel:status:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_status - The validation status of the SSL/TLS certificate. Valid values are below.

$sel:subjectAlternativeNames:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_subjectAlternativeNames - An array of strings that specify the alternate domains (e.g., example2.com) and subdomains (e.g., blog.example.com) for the certificate.

$sel:resourceType:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_resourceType - The resource type (e.g., LoadBalancerTlsCertificate).

• Instance - A Lightsail instance (a virtual private server)
• StaticIp - A static IP address
• KeyPair - The key pair used to connect to a Lightsail instance
• InstanceSnapshot - A Lightsail instance snapshot
• Domain - A DNS zone
• PeeredVpc - A peered VPC
• LoadBalancer - A Lightsail load balancer
• LoadBalancerTlsCertificate - An SSL/TLS certificate associated with a Lightsail load balancer
• Disk - A Lightsail block storage disk
• DiskSnapshot - A block storage disk snapshot

$sel:arn:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_arn - The Amazon Resource Name (ARN) of the SSL/TLS certificate.

$sel:createdAt:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_createdAt - The time when you created your SSL/TLS certificate.

$sel:location:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_location - The AWS Region and Availability Zone where you created your certificate.

$sel:loadBalancerName:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_loadBalancerName - The load balancer name where your SSL/TLS certificate is attached.

$sel:serial:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_serial - The serial number of the certificate.

$sel:isAttached:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_isAttached - When true, the SSL/TLS certificate is attached to the Lightsail load balancer.

$sel:revokedAt:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_revokedAt - The timestamp when the certificate was revoked. This value is present only when the certificate status is REVOKED.

$sel:notBefore:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_notBefore - The timestamp when the SSL/TLS certificate is first valid.

$sel:revocationReason:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_revocationReason - The reason the certificate was revoked. This value is present only when the certificate status is REVOKED.

$sel:domainName:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_domainName - The domain name for your SSL/TLS certificate.

$sel:name:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_name - The name of the SSL/TLS certificate (e.g., my-certificate).

$sel:renewalSummary:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_renewalSummary - An object that describes the status of the certificate renewal managed by Lightsail.

$sel:supportCode:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_supportCode - The support code. Include this code in your email to support when you have questions about your Lightsail load balancer or SSL/TLS certificate. This code enables our support team to look up your Lightsail information more easily.

$sel:domainValidationRecords:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_domainValidationRecords - An array of LoadBalancerTlsCertificateDomainValidationRecord objects describing the records.

$sel:issuedAt:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_issuedAt - The time when the SSL/TLS certificate was issued.

$sel:keyAlgorithm:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_keyAlgorithm - The algorithm used to generate the key pair (the public and private key).

$sel:signatureAlgorithm:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_signatureAlgorithm - The algorithm that was used to sign the certificate.

$sel:issuer:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_issuer - The issuer of the certificate.

$sel:tags:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_tags - The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

$sel:notAfter:LoadBalancerTlsCertificate', loadBalancerTlsCertificate_notAfter - The timestamp when the SSL/TLS certificate expires.

The validation failure reason, if any, of the certificate.

The following failure reasons are possible:

• NO_AVAILABLE_CONTACTS - This failure applies to email validation, which is not available for Lightsail certificates.

• ADDITIONAL_VERIFICATION_REQUIRED - Lightsail requires additional information to process this certificate request. This can happen as a fraud-protection measure, such as when the domain ranks within the Alexa top 1000 websites. To provide the required information, use the AWS Support Center to contact AWS Support.

  You cannot request a certificate for Amazon-owned domain names such as those ending in amazonaws.com, cloudfront.net, or elasticbeanstalk.com.

• DOMAIN_NOT_ALLOWED - One or more of the domain names in the certificate request was reported as an unsafe domain by VirusTotal. To correct the problem, search for your domain name on the VirusTotal website. If your domain is reported as suspicious, see Google Help for Hacked Websites to learn what you can do.

  If you believe that the result is a false positive, notify the organization that is reporting the domain. VirusTotal is an aggregate of several antivirus and URL scanners and cannot remove your domain from a block list itself. After you correct the problem and the VirusTotal registry has been updated, request a new certificate.

  If you see this error and your domain is not included in the VirusTotal list, visit the AWS Support Center and create a case.

• INVALID_PUBLIC_DOMAIN - One or more of the domain names in the certificate request is not valid. Typically, this is because a domain name in the request is not a valid top-level domain. Try to request a certificate again, correcting any spelling errors or typos that were in the failed request, and ensure that all domain names in the request are for valid top-level domains. For example, you cannot request a certificate for example.invalidpublicdomain because invalidpublicdomain is not a valid top-level domain.
• OTHER - Typically, this failure occurs when there is a typographical error in one or more of the domain names in the certificate request. Try to request a certificate again, correcting any spelling errors or typos that were in the failed request.

The name of the entity that is associated with the public key contained in the certificate.

The validation status of the SSL/TLS certificate. Valid values are below.

An array of strings that specify the alternate domains (e.g., example2.com) and subdomains (e.g., blog.example.com) for the certificate.

The resource type (e.g., LoadBalancerTlsCertificate).

• Instance - A Lightsail instance (a virtual private server)
• StaticIp - A static IP address
• KeyPair - The key pair used to connect to a Lightsail instance
• InstanceSnapshot - A Lightsail instance snapshot
• Domain - A DNS zone
• PeeredVpc - A peered VPC
• LoadBalancer - A Lightsail load balancer
• LoadBalancerTlsCertificate - An SSL/TLS certificate associated with a Lightsail load balancer
• Disk - A Lightsail block storage disk
• DiskSnapshot - A block storage disk snapshot

The Amazon Resource Name (ARN) of the SSL/TLS certificate.

The time when you created your SSL/TLS certificate.

The AWS Region and Availability Zone where you created your certificate.

The load balancer name where your SSL/TLS certificate is attached.

The serial number of the certificate.

When true, the SSL/TLS certificate is attached to the Lightsail load balancer.

The timestamp when the certificate was revoked. This value is present only when the certificate status is REVOKED.

The timestamp when the SSL/TLS certificate is first valid.

The reason the certificate was revoked. This value is present only when the certificate status is REVOKED.

The domain name for your SSL/TLS certificate.

The name of the SSL/TLS certificate (e.g., my-certificate).

An object that describes the status of the certificate renewal managed by Lightsail.

The support code. Include this code in your email to support when you have questions about your Lightsail load balancer or SSL/TLS certificate. This code enables our support team to look up your Lightsail information more easily.

An array of LoadBalancerTlsCertificateDomainValidationRecord objects describing the records.

The time when the SSL/TLS certificate was issued.

The algorithm used to generate the key pair (the public and private key).

The algorithm that was used to sign the certificate.

The issuer of the certificate.

The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

The timestamp when the SSL/TLS certificate expires.