I have an existing CloudFront Distribution, we validated with email before the DNS validation, we would like to switch to DNS validation from Email, not finding a easy way to switchover without downtime.
Is there a way to switch SSL validation with AWS CloudFront without changing the cert?
or If I create a new a cert, is it possible to replace without downtime?
According to the response for this thread in AWS forums, there might be some downtime if you're going to replace the certificate. But as long as you keep the old one there might not be any problem.
As long as your old certificate is still valid then there won't be any downtime in any of the cases.