Internal Service: _background_acm_upgrade

Upgrades from Let’s Encrypt certificate to ACM-native certificate for automatic renewal.

Purpose

Let’s Encrypt certificates expire after 90 days and require manual renewal. ACM certificates auto-renew indefinitely. This background task upgrades to ACM after the proxy is deployed.

Function Signature

async def _background_acm_upgrade(
    domain: str,
    distribution_id: str,
    old_certificate_arn: str,
    entity_id: str,
    org_id: str
)

Parameters

Parameter	Type	Description
`domain`	str	The custom domain (e.g., “www.example.com”)
`distribution_id`	str	CloudFront distribution ID
`old_certificate_arn`	str	Current Let’s Encrypt certificate ARN
`entity_id`	str	Database entity ID
`org_id`	str	Clerk organization ID

Execution Flow

Timing

Delay: 60 seconds after Step 2 completes
Duration: 2-10 minutes (ACM validation time)
Non-blocking: User doesn’t wait for this

Dependencies

src/app/apis/domain/shared/acm_upgrade.py - upgrade_to_acm_native()

Code Location

src/app/apis/domain/mark_step_complete/routes.py

Getting Started

Website

Onboarding

Cron

Your Current Setup

What We're Doing

Explore

Settings - Toggle

Settings - Business

Settings - Team

Settings - Billing

Settings - Domain

Webhooks

Health

Manual Trigger

ACM Upgrade

Internal Service: _background_acm_upgrade

Purpose

Function Signature

Parameters

Execution Flow

Timing

Dependencies

Code Location

Getting Started

Website

Onboarding

Cron

Your Current Setup

What We're Doing

Explore

Settings - Toggle

Settings - Business

Settings - Team

Settings - Billing

Settings - Domain

Webhooks

Health

Manual Trigger

​Internal Service: _background_acm_upgrade

​Purpose

​Function Signature

​Parameters

​Execution Flow

​Timing

​Dependencies

​Code Location

Internal Service: _background_acm_upgrade

Purpose

Function Signature

Parameters

Execution Flow

Timing

Dependencies

Code Location