AWS Certificate Manager will discontinue WHOIS lookup for email-validated certificates
Security Blog
This article discusses upcoming changes to how AWS Certificate Manager (ACM) validates domain ownership for email-validated certificates. Currently, ACM sends validation emails to addresses listed in the WHOIS database and five common system addresses for the domain.
Specifically, the article covers:
- Background on how ACM currently validates domain ownership using WHOIS lookups and emails to common system addresses
- Announcement that starting June 2024, ACM will no longer use WHOIS lookups for new email-validated certificates
- Announcement that starting October 2024, ACM will no longer use WHOIS lookups for existing email-validated certificate renewals
- Reasons for the change, including declining WHOIS lookup success rates, mitigating availability risks, and providing a consistent validation mechanism
- Recommendations to monitor the five common system addresses or switch to DNS-validated certificates to prepare for this change
- Conclusion emphasizing the importance of monitoring certificate expiration and taking action to renew email-validated certificates
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Feb 19
2026
2026
AWS Certificate Manager updates default certificate validity to comply with new guidelines
Apr 7
2026
2026
AWS Certificate Manager now supports native certificate search
Jun 17
2025
2025
AWS Certificate Manager introduces public certificates you can use anywhere
Jun 17
2025
2025
AWS Certificate Manager introduces exportable public SSL/TLS certificates to use anywhere
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.