AWS Certificate Manager Expiration Options

Reddit r/aws·u/TheDeltaFlight·about 1 month ago

I want to start by noting that I’m not a security expert, so I may be missing something obvious here.

We currently use site-to-site VPNs to connect to our remote offices, and each VPN is configured with its own unique certificate (we are not using pre-shared keys). At the moment, we’re generating these certificates through AWS Certificate Manager. However, as I understand it, the maximum validity period for these certificates is 13 months.

The challenge we’re running into is that I find myself needing to regularly update certificates on customer gateways (local routers), and it’s becoming increasingly difficult to manage at scale.

Is there a way to issue certificates with a longer validity period, either within AWS or by leveraging another AWS service? I do have flexibility to deploy additional AWS resources if needed, but bringing in a third-party service would be significantly more difficult due to budget constraints.
