hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.61k stars 9k forks

[Docs]: The certificate authority is not in a valid state for issuing certificates #37592

Closed Nishanth95 closed 3 hours ago

Nishanth95 commented 1 month ago

Documentation Link

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acmpca_certificate

Description

```
tls_private_key.key: Creating...
aws_acmpca_certificate_authority.example: Creating...
tls_private_key.key: Creation complete after 1s [id=750129974b243a0bfc97b5e7cc7860d1226b2981]
tls_cert_request.csr: Creating...
tls_cert_request.csr: Creation complete after 0s [id=c286cc30a1c12809ed6f3370c0b90924d16a8030]
aws_acmpca_certificate_authority.example: Creation complete after 1s [id=arn:aws:acm-pca:us-east-1:075361822965:certificate-authority/2525d2a6-0734-406a-adb6-b8a7015a3474]
aws_acmpca_certificate.example: Creating...
aws_acmpca_certificate.example: Still creating... [10s elapsed]
aws_acmpca_certificate.example: Still creating... [20s elapsed]
aws_acmpca_certificate.example: Still creating... [30s elapsed]
aws_acmpca_certificate.example: Still creating... [40s elapsed]
aws_acmpca_certificate.example: Still creating... [50s elapsed]
aws_acmpca_certificate.example: Still creating... [1m0s elapsed]
╷
│ Error: issuing ACM PCA Certificate with Certificate Authority (arn:aws:acm-pca:us-east-1:075361822965:certificate-authority/2525d2a6-0734-406a-adb6-b8a7015a3474): operation error ACM PCA: IssueCertificate, https response error StatusCode: 400, RequestID: 2bbfadff-87bd-4439-bff6-058e37ef6b7a, InvalidStateException: The certificate authority is not in a valid state for issuing certificates
│
│   with aws_acmpca_certificate.example,
│   on main.tf line 1, in resource "aws_acmpca_certificate" "example":
│    1: resource "aws_acmpca_certificate" "example" {
│
```

References

```
[root@ip-172-31-95-251 acm]# cat main.tf
resource "aws_acmpca_certificate" "example" {
  certificate_authority_arn   = aws_acmpca_certificate_authority.example.arn
  certificate_signing_request = tls_cert_request.csr.cert_request_pem
  signing_algorithm           = "SHA256WITHRSA"
  validity {
    type  = "YEARS"
    value = 1
  }
}

resource "aws_acmpca_certificate_authority" "example" {
  type = "ROOT"
  certificate_authority_configuration {
    key_algorithm     = "RSA_4096"
    signing_algorithm = "SHA512WITHRSA"

    subject {
      common_name = "example.com"
    }
  }

  permanent_deletion_time_in_days = 7
}

resource "tls_private_key" "key" {
  algorithm = "RSA"
}

resource "tls_cert_request" "csr" {
  private_key_pem = tls_private_key.key.private_key_pem

  subject {
    common_name = "example"
  }
}
```

Would you like to implement a fix?

None
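An added example, not part of the issue thread or the provider's own documentation: a CA created by `aws_acmpca_certificate_authority` starts in the `PENDING_CERTIFICATE` state and cannot issue end-entity certificates until its own CA certificate has been installed. The configuration below self-signs the root CA's CSR, installs the result with `aws_acmpca_certificate_authority_certificate`, and only then issues the certificate for the `tls_cert_request` CSR. The resource labels `root` and `leaf` and the 10-year root validity are assumptions chosen for illustration.

```hcl
# Added example; labels "root" and "leaf" are illustrative, not from the issue.
data "aws_partition" "current" {}

resource "aws_acmpca_certificate_authority" "example" {
  type = "ROOT"
  certificate_authority_configuration {
    key_algorithm     = "RSA_4096"
    signing_algorithm = "SHA512WITHRSA"
    subject {
      common_name = "example.com"
    }
  }
  permanent_deletion_time_in_days = 7
}

# Step 1: self-sign the CA's own CSR with the root CA template.
resource "aws_acmpca_certificate" "root" {
  certificate_authority_arn   = aws_acmpca_certificate_authority.example.arn
  certificate_signing_request = aws_acmpca_certificate_authority.example.certificate_signing_request
  signing_algorithm           = "SHA512WITHRSA"
  template_arn                = "arn:${data.aws_partition.current.partition}:acm-pca:::template/RootCACertificate/V1"
  validity {
    type  = "YEARS"
    value = 10 # assumed lifetime for the root certificate
  }
}

# Step 2: install the root certificate so the CA can leave PENDING_CERTIFICATE.
resource "aws_acmpca_certificate_authority_certificate" "example" {
  certificate_authority_arn = aws_acmpca_certificate_authority.example.arn
  certificate               = aws_acmpca_certificate.root.certificate
  certificate_chain         = aws_acmpca_certificate.root.certificate_chain
}

resource "tls_private_key" "key" {
  algorithm = "RSA"
}

resource "tls_cert_request" "csr" {
  private_key_pem = tls_private_key.key.private_key_pem
  subject {
    common_name = "example"
  }
}

# Step 3: issue the end-entity certificate only after the CA certificate is installed.
resource "aws_acmpca_certificate" "leaf" {
  certificate_authority_arn   = aws_acmpca_certificate_authority.example.arn
  certificate_signing_request = tls_cert_request.csr.cert_request_pem
  signing_algorithm           = "SHA256WITHRSA"
  validity {
    type  = "YEARS"
    value = 1
  }
  depends_on = [aws_acmpca_certificate_authority_certificate.example]
}
```

Without the explicit `depends_on`, Terraform sees no reference from the end-entity certificate to the installed CA certificate and may attempt issuance before the CA is active.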

justinretzolk commented 1 month ago

Hey @Nishanth95 👋 Thank you for taking the time to raise this! Can you supply a bit more information so that we're able to take corrective action as needed?

justinretzolk commented 3 hours ago

Since we haven't heard back, I'm going to close this issue. If you're still having trouble, please feel free to open a new issue, referencing this one for context as needed.

github-actions[bot] commented 3 hours ago

[!WARNING] This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.