CloudFormation CREATE_FAILED with error "Certificate ARN is not valid"

Question

I am attempting to use the CloudFormation template for a new VPC and workload as provided within https://aws-quickstart.s3.amazonaws.com/quickstart-hashicorp-vault/doc/hashicorp-vault-on-the-aws-cloud.pdf to create a vault cluster. However, I am seeing the following:

VaultServerListener HTTPS CREATE_FAILED Certificate ARN '' is not valid (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: ValidationError; Request ID: 650c7ca1-0abe-4bae-9b30-d114c220423d)

Answer 1

Make sure that the certificate ARN

• is in the same region as the load balancer,
• has status "Issued" (not "Expired").

Try creating the load balancer without the certificate arn first, then add a listener with the certificate using the AWS Console web interface.