Skip to main content

Certificate

Provides an SSL certificate.

Certificates for CloudFront must be created in the us-east-1 region only.

Examples#

Create a certificate with DNS validation#

const domainName = "your.domain.name.com";
const certificate = provider.ACM.makeCertificate({
name: domainName,
properties: () => ({}),
});
const domain = provider.Route53Domain.useDomain({
name: domainName,
});
const hostedZone = provider.Route53.makeHostedZone({
name: `${domainName}.`,
dependencies: { domain },
});
const recordValidation = provider.Route53.makeRecord({
name: `certificate-validation-${domainName}.`,
dependencies: { hostedZone, certificate },
properties: ({ dependencies: { certificate } }) => {
const domainValidationOption =
certificate?.live?.DomainValidationOptions[0];
const record = domainValidationOption?.ResourceRecord;
if (domainValidationOption) {
assert(
record,
`missing record in DomainValidationOptions, certificate ${JSON.stringify(
certificate.live
)}`
);
}
return {
Name: record?.Name,
ResourceRecords: [
{
Value: record?.Value,
},
],
TTL: 300,
Type: "CNAME",
};
},
});

Source Code Examples#

Properties#

UsedBy#

List#

The list of certificates can be displayed and filtered with the type Certificate:

gc list -t Certificate
Listing resources on 1 provider: aws
✓ aws
✓ Initialising
✓ Listing 1/1
┌──────────────────────────────────────────────────────────────────┐
│ 2 ACM::Certificate from aws │
├──────────────────────────────────────────────────────────────────┤
│ name: dev.cloudfront.aws.test.grucloud.org │
│ managedByUs: NO │
│ live: │
│ CertificateArn: arn:aws:acm:us-east-1:840541460064:certificat… │
│ DomainName: dev.cloudfront.aws.test.grucloud.org │
│ SubjectAlternativeNames: │
│ - "dev.cloudfront.aws.test.grucloud.org" │
│ DomainValidationOptions: │
│ - DomainName: dev.cloudfront.aws.test.grucloud.org │
│ ValidationDomain: dev.cloudfront.aws.test.grucloud.org │
│ ValidationStatus: SUCCESS │
│ ResourceRecord: │
│ Name: _1c003a592ed0c0c949c1031f5deaef5e.dev.cloudfront.… │
│ Type: CNAME │
│ Value: _20c68e8d64be718e90d61c5bbb573b2b.bbfvkzsszw.acm… │
│ ValidationMethod: DNS │
│ Serial: 08:be:e5:a5:32:6e:83:1f:04:62:74:ad:35:40:35:59 │
│ Subject: CN=dev.cloudfront.aws.test.grucloud.org │
│ Issuer: Amazon │
│ CreatedAt: 2021-09-21T18:09:06.000Z │
│ IssuedAt: 2021-09-21T18:10:02.000Z │
│ Status: ISSUED │
│ NotBefore: 2021-09-21T00:00:00.000Z │
│ NotAfter: 2022-10-20T23:59:59.000Z │
│ KeyAlgorithm: RSA-2048 │
│ SignatureAlgorithm: SHA256WITHRSA │
│ InUseBy: [] │
│ Type: AMAZON_ISSUED │
│ KeyUsages: │
│ - Name: DIGITAL_SIGNATURE │
│ - Name: KEY_ENCIPHERMENT │
│ ExtendedKeyUsages: │
│ - Name: TLS_WEB_SERVER_AUTHENTICATION │
│ OID: 1.3.6.1.5.5.7.3.1 │
│ - Name: TLS_WEB_CLIENT_AUTHENTICATION │
│ OID: 1.3.6.1.5.5.7.3.2 │
│ RenewalEligibility: INELIGIBLE │
│ Options: │
│ CertificateTransparencyLoggingPreference: ENABLED │
│ Tags: │
│ - Key: gc-created-by-provider │
│ Value: aws │
│ - Key: gc-managed-by │
│ Value: grucloud │
│ - Key: gc-project-name │
│ Value: @grucloud/example-aws-website-https │
│ - Key: gc-stage │
│ Value: dev │
│ - Key: Name │
│ Value: dev.cloudfront.aws.test.grucloud.org │
│ │
├──────────────────────────────────────────────────────────────────┤
│ name: grucloud.org │
│ managedByUs: NO │
│ live: │
│ CertificateArn: arn:aws:acm:us-east-1:840541460064:certificat… │
│ DomainName: grucloud.org │
│ SubjectAlternativeNames: │
│ - "grucloud.org" │
│ DomainValidationOptions: │
│ - DomainName: grucloud.org │
│ ValidationDomain: grucloud.org │
│ ValidationStatus: SUCCESS │
│ ResourceRecord: │
│ Name: _691e4a68814938b97e40e8e955bf1a30.grucloud.org. │
│ Type: CNAME │
│ Value: _19aece4a9123a510cd3c628c73fa754b.wggjkglgrm.acm… │
│ ValidationMethod: DNS │
│ Serial: 04:66:5e:8d:c5:53:94:cc:cd:f7:33:70:73:a4:33:05 │
│ Subject: CN=grucloud.org │
│ Issuer: Amazon │
│ CreatedAt: 2021-10-27T17:31:03.044Z │
│ IssuedAt: 2021-10-27T17:41:51.537Z │
│ Status: ISSUED │
│ NotBefore: 2021-10-27T00:00:00.000Z │
│ NotAfter: 2022-11-25T23:59:59.000Z │
│ KeyAlgorithm: RSA-2048 │
│ SignatureAlgorithm: SHA256WITHRSA │
│ InUseBy: [] │
│ Type: AMAZON_ISSUED │
│ KeyUsages: │
│ - Name: DIGITAL_SIGNATURE │
│ - Name: KEY_ENCIPHERMENT │
│ ExtendedKeyUsages: │
│ - Name: TLS_WEB_SERVER_AUTHENTICATION │
│ OID: 1.3.6.1.5.5.7.3.1 │
│ - Name: TLS_WEB_CLIENT_AUTHENTICATION │
│ OID: 1.3.6.1.5.5.7.3.2 │
│ RenewalEligibility: INELIGIBLE │
│ Options: │
│ CertificateTransparencyLoggingPreference: ENABLED │
│ Tags: [] │
│ │
└──────────────────────────────────────────────────────────────────┘