Error trying to update SSL certificate

[mwildehahn]

I was trying to update the ssl-cert for an app and got the following:

$ emp ssl-cert-add -a services crt.pem key.pem
error: DeleteConflict: Certificate: BLAH is currently in use by arn:aws:elasticloadbalancing:us-west-2:BLAH:loadbalancer/BLAH. Please remove it first before deleting it from IAM.
    status code: 409, request id: [c6e50af2-6b90-11e5-91fc-4df76678f0a4]

[mwildehahn]

The error from AWS makes sense since empire is attempting to delete the certificate without disconnecting it from the load balancer.

It seems like empire should be more gracefully detatching, deleting, and then adding the new SSL certificate.

[mwildehahn]

there is no "UpdateLoadBalancer" only "CreateLoadBalancer" which will create a load balancer with an SSL cert if it exists before it creates the process in ECS.

there should be an UpdateLoadBalancer call that can be called from ssl-cert-add and friends. i'll work on adding that.

[mwildehahn]

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_SetLoadBalancerListenerSSLCertificate.html @phobologic pointed out this documentation, which ssl-add-cert should be calling if the load balancer exists