There are three possible ways of managing SSL certificates:

1. SSL certificate generated by the local authority The local authority’s technology team will provide us with an SSL certificate which should have the specified service subdomain in the format planningapplications.COUNCILNAME.gov.uk and/or a wildcard DNS record *.COUNCILNAME.gov.uk. Along with the certificate, the Council IT team needs to provide us with the private key and any intermediate certs used by your SSL certificate authority. Once we have the SSL certificate we will import it into AWS Certificate Manager.
2. CSR generated by Unboxed We can generate a new Certificate Signing Request (CSR) on the origin server. Once we provide the CSR, the Council IT team will issue the SSL and then they will send it to us. Once we have the SSL certificate we will import it into AWS Certificate Manager.
3. SSL certificate generated by Unboxed We can request a new SSL cert using AWS Certificate Manager (ACM) and we will supply DNS TXT records for you to add to your DNS server which will validate the certificate request in ACM.

Option 1 and 2 will need to be repeated every time the certificate expires whereas option 3 will auto-renew as long as the DNS records remain in place.