[ aws . lightsail ]

get-load-balancer-tls-certificates

Description

Returns information about the TLS certificates that are associated with the specified Lightsail load balancer.

TLS is just an updated, more secure version of Secure Socket Layer (SSL).

You can have a maximum of 2 certificates associated with a Lightsail load balancer. One is active and the other is inactive.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  get-load-balancer-tls-certificates
--load-balancer-name <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]

Options

--load-balancer-name (string)

The name of the load balancer you associated with your SSL/TLS certificate.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

--cli-auto-prompt (boolean) Automatically prompt for CLI input parameters.

See ‘aws help’ for descriptions of global parameters.

Examples

To get information about TLS certificates for a load balancer

The following get-load-balancer-tls-certificates example displays details about the TLS certificates for the specified load balancer.

aws lightsail get-load-balancer-tls-certificates \
    --load-balancer-name LoadBalancer-1

Output:

{
    "tlsCertificates": [
        {
            "name": "example-com",
            "arn": "arn:aws:lightsail:us-west-2:111122223333:LoadBalancerTlsCertificate/d7bf4643-6a02-4cd4-b3c4-fEXAMPLE9b4d",
            "supportCode": "6EXAMPLE3362/arn:aws:acm:us-west-2:333322221111:certificate/9af8e32c-a54e-4a67-8c63-cEXAMPLEb314",
            "createdAt": 1571678025.3,
            "location": {
                "availabilityZone": "all",
                "regionName": "us-west-2"
            },
            "resourceType": "LoadBalancerTlsCertificate",
            "loadBalancerName": "LoadBalancer-1",
            "isAttached": false,
            "status": "ISSUED",
            "domainName": "example.com",
            "domainValidationRecords": [
                {
                    "name": "_dEXAMPLE4ede046a0319eb44a4eb3cbc.example.com.",
                    "type": "CNAME",
                    "value": "_bEXAMPLE0899fb7b6bf79d9741d1a383.hkvuiqjoua.acm-validations.aws.",
                    "validationStatus": "SUCCESS",
                    "domainName": "example.com"
                }
            ],
            "issuedAt": 1571678070.0,
            "issuer": "Amazon",
            "keyAlgorithm": "RSA-2048",
            "notAfter": 1605960000.0,
            "notBefore": 1571616000.0,
            "serial": "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff",
            "signatureAlgorithm": "SHA256WITHRSA",
            "subject": "CN=example.com",
            "subjectAlternativeNames": [
                "example.com"
            ]
        }
    ]
}

Output

tlsCertificates -> (list)

An array of LoadBalancerTlsCertificate objects describing your SSL/TLS certificates.

(structure)

Describes a load balancer SSL/TLS certificate.

TLS is just an updated, more secure version of Secure Socket Layer (SSL).

name -> (string)

The name of the SSL/TLS certificate (e.g., my-certificate ).

arn -> (string)

The Amazon Resource Name (ARN) of the SSL/TLS certificate.

supportCode -> (string)

The support code. Include this code in your email to support when you have questions about your Lightsail load balancer or SSL/TLS certificate. This code enables our support team to look up your Lightsail information more easily.

createdAt -> (timestamp)

The time when you created your SSL/TLS certificate.

location -> (structure)

The AWS Region and Availability Zone where you created your certificate.

availabilityZone -> (string)

The Availability Zone. Follows the format us-east-2a (case-sensitive).

regionName -> (string)

The AWS Region name.

resourceType -> (string)

The resource type (e.g., LoadBalancerTlsCertificate ).

  • **Instance ** - A Lightsail instance (a virtual private server)

  • **StaticIp ** - A static IP address

  • **KeyPair ** - The key pair used to connect to a Lightsail instance

  • **InstanceSnapshot ** - A Lightsail instance snapshot

  • **Domain ** - A DNS zone

  • **PeeredVpc ** - A peered VPC

  • **LoadBalancer ** - A Lightsail load balancer

  • **LoadBalancerTlsCertificate ** - An SSL/TLS certificate associated with a Lightsail load balancer

  • **Disk ** - A Lightsail block storage disk

  • **DiskSnapshot ** - A block storage disk snapshot

tags -> (list)

The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Lightsail Dev Guide .

(structure)

Describes a tag key and optional value assigned to an Amazon Lightsail resource.

For more information about tags in Lightsail, see the Lightsail Dev Guide .

key -> (string)

The key of the tag.

Constraints: Tag keys accept a maximum of 128 letters, numbers, spaces in UTF-8, or the following characters: + - = . _ : / @

value -> (string)

The value of the tag.

Constraints: Tag values accept a maximum of 256 letters, numbers, spaces in UTF-8, or the following characters: + - = . _ : / @

loadBalancerName -> (string)

The load balancer name where your SSL/TLS certificate is attached.

isAttached -> (boolean)

When true , the SSL/TLS certificate is attached to the Lightsail load balancer.

status -> (string)

The validation status of the SSL/TLS certificate. Valid values are below.

domainName -> (string)

The domain name for your SSL/TLS certificate.

domainValidationRecords -> (list)

An array of LoadBalancerTlsCertificateDomainValidationRecord objects describing the records.

(structure)

Describes the validation record of each domain name in the SSL/TLS certificate.

name -> (string)

A fully qualified domain name in the certificate. For example, example.com .

type -> (string)

The type of validation record. For example, CNAME for domain validation.

value -> (string)

The value for that type.

validationStatus -> (string)

The validation status. Valid values are listed below.

domainName -> (string)

The domain name against which your SSL/TLS certificate was validated.

failureReason -> (string)

The reason for the SSL/TLS certificate validation failure.

issuedAt -> (timestamp)

The time when the SSL/TLS certificate was issued.

issuer -> (string)

The issuer of the certificate.

keyAlgorithm -> (string)

The algorithm that was used to generate the key pair (the public and private key).

notAfter -> (timestamp)

The timestamp when the SSL/TLS certificate expires.

notBefore -> (timestamp)

The timestamp when the SSL/TLS certificate is first valid.

renewalSummary -> (structure)

An object containing information about the status of Lightsail’s managed renewal for the certificate.

renewalStatus -> (string)

The status of Lightsail’s managed renewal of the certificate. Valid values are listed below.

domainValidationOptions -> (list)

Contains information about the validation of each domain name in the certificate, as it pertains to Lightsail’s managed renewal. This is different from the initial validation that occurs as a result of the RequestCertificate request.

(structure)

Contains information about the domain names on an SSL/TLS certificate that you will use to validate domain ownership.

domainName -> (string)

The fully qualified domain name in the certificate request.

validationStatus -> (string)

The status of the domain validation. Valid values are listed below.

revocationReason -> (string)

The reason the certificate was revoked. Valid values are below.

revokedAt -> (timestamp)

The timestamp when the SSL/TLS certificate was revoked.

serial -> (string)

The serial number of the certificate.

signatureAlgorithm -> (string)

The algorithm that was used to sign the certificate.

subject -> (string)

The name of the entity that is associated with the public key contained in the certificate.

subjectAlternativeNames -> (list)

One or more domains or subdomains included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate. The subject alternative names include the canonical domain name (CNAME) of the certificate and additional domain names that can be used to connect to the website, such as example.com , www.example.com , or m.example.com .

(string)