Micah Hausler (@micahhausler.com)

AWS Certificate Manager introduces public certificates you can use anywhere AWS Certificate Manager (ACM) announces exportable public certificates that you can use on any workload that requires a public TLS certificate, whether within AWS or outside. With this release, you can issue public certificates that you can export and access the certificate’s private key to securely terminate TLS traffic on any compute workload. This includes EC2 instances, containers, or on-premises hosts. ACM customers can now affordably issue, manage, and automate public certificates for use with your AWS, hybrid, or multicloud workloads. Previously, ACM-issued public certificates could only be used with integrated AWS services, such as Amazon CloudFront. Now, during certificate request, you can mark the certificate as exportable for use outside of integrated services as well. You can procure these certificates within seconds once you complete the required domain validation to prove that you are authorized to receive the certificate. The exportable public certificates are valid for 395 days and costs $15 per FQDN and $149 per wildcard name. You don’t need to sign up for bulk issuance contracts and you only pay once for the lifetime of the certificate. Network and security administrators can monitor and automate the use of these certificates through ACM’s certificate lifecycle CloudWatch events Security is top priority within AWS and your end users cannot export public certificates that were issued prior to this launch. AWS administrators can set IAM policies to authorize roles and users who can request exportable public certificates. The feature is available in all regions where ACM is available including the AWS GovCloud (US) and China Regions. Learn more about this feature https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html. https://aws.amazon.com/about-aws/whats-new/2025/06/aws-certificate-manager-public-certificates-use-anywhere/