Boto3: ELBv2 CreateListener operation: You cannot set the isDefault parameter for a certificate.

Created on 19 Jun 2018  路  4Comments  路  Source: boto/boto3

Seeing this with create_listener

An error occurred (ValidationError) when calling the CreateListener operation: You cannot set the isDefault parameter for a certificate.

            certificates = [{
                'CertificateArn': certificate_arn,
                'IsDefault': True
            }]
            keyword_args["Certificates"] = certificates
            default_actions=[{'Type': 'forward',
                              'TargetGroupArn': target_group_arn}],
            elbv2_client.create_listener(..., Protocol="HTTPS", Port=443, DefaultActions=default_actions, **keyword_args)

From looking at https://boto3.readthedocs.io/en/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.create_listener
-- it is unclear to me what IsDefault is since it is in a list of certificates itself, so when would it be specified without a certificate?

picture stormm2138

All 4 comments

These kind of service API questions are best answered by the service team themselves on the AWS forums or on stackoverflow. They're most familiar with their API and give you a definitive answer.

As a guess, it looks like the definition for the Certificates list is shared across several options, create_listener, add_listener_certificates, etc. And it looks like when using the list of certificates definition in the create_listener call you have to use it in a specific way as the docs state:

The default SSL server certificate. You must provide exactly one certificate. To create a certificate list, use AddListenerCertificates .

So I'd try just omitting the IsDefault flag for that operation.

jamesls picture jamesls on 20 Jun 2018
👎3

Thanks, I still don't understand why the boto3 docs specify that as a certificate arg in create_listener(), when it isn't supported. It seems to me like the boto documention for create_listener() should be updated to not include that.

stormm2138 picture stormm2138 on 20 Jun 2018

Even, modify_listener() has the same problem. The docs definitely needs some updates it seems.

mascot6699 picture mascot6699 on 27 Jul 2018

Running the command without isDefault=true replaced the default cert for me. There is no need to pass the isDefault argument

Mukund-Illude picture Mukund-Illude on 26 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nueverest picture nueverest  路  3Comments
danielmorozoff picture danielmorozoff  路  3Comments
boompig picture boompig  路  3Comments
jarruda picture jarruda  路  3Comments
leima965 picture leima965  路  3Comments