You’re trying to delete an SSL certificate from the IAM certificate store, and you’re getting the
message “Certificate: <certificate-id> is being used by CloudFront.” Which of the following
statements is probably the reason why you are getting this error?
A.
Before you can delete an SSL certificate you need to set up https on your server.
B.
Before you can delete an SSL certificate, you need to set up the appropriate access level in IAM
C.
Before you can delete an SSL certificate, you need to either rotate SSL certificates or revert from
using a custom SSL certificate to using the default CloudFront certificate.
D.
You can’t delete SSL certificates . You need to request it from AWS.
Explanation:
CloudFront is a web service that speeds up distribution of your static and dynamic web content,
for example, .html, .css, .php, and image files, to end users. Every CloudFront web distribution
must be associated either with the default CloudFront certificate or with a custom SSL certificate.
Before you can delete an SSL certificate, you need to either rotate SSL certificates (replace the
current custom SSL certificate with another custom SSL certificate) or revert from using a custom
SSL certificate to using the default CloudFront certificate.
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Troubleshooting.html