Renewing an SSL Certificate
There are currently 2 options for renewing an SSL Certificate. Depending on if it is a:
Certificates and CloudFront Distributions are the only sections of the AWS console you want to be in US-EAST-1 (N. Virginia).
Everything else in AWS needs to be in EU-WEST-1 (Ireland)
Renewing a Free Amazon Certificate
Amazon Free Certificates are automatically renewed by Amazon and automatically applied to the Cloudfront Distribution.
You shouldn't have to do anything to renew them.
However, if you can see Amazon hasn't renewed the certificate, the most likely cause is the DNS records that were created when the Certificate was initially requested have been deleted. Sometimes a client may remove these DNS records believing they're no longer required.
These records will need re-adding. See Requesting a Free SSL Certificate for the steps.
Renewing a 3rd Party Certificate
The easiest way to renew a 3rd party certificate is by finding the existing one currently in use and using the Reimport feature to override it.
You can install the new one separately (following the steps from Installing a Paid for 3rd Party SSL) but this will mean you now have an additional step: Updating the CloudFront distribution with the new Certificate - or ideally, updating the CloudFormation Stack if one exists.
Therefore, we recommend you follow the ReImporting steps below
ReImporting
Visit the AWS Certificate Manager once logged into the AWS Console.
Ensure you are in US-EAST-1 (N. Virginia) by selecting the region selector.
Find the current Certificate in the list and click it to go to the detail page
Click the Reimport button
Paste in the new Certificate Body, Private Key and Certificate Chain and click Next
Verify the information is correct (you should have matching domains but a greatly increased expiry date) and click Continue
After some seconds/minutes the Certificate will start propagating.
View the website in Incognito mode and inspect the Certificate to ensure the new expiry date is there.