AWS Provider - aws_acm_certificate - ValidationException: The certificate field contains more than one certificate

Hello All,

Not sure if this is expected behavior, if so why is it different to aws-cli, but the terraform aws_acm_certificate fails to import the certificate, key & chain generated by the easy-rsa binaries (latest version available on their github), while I can import the same certificates using aws-cli (2.9.3) . Here is what I’m trying to do.

Generate easy-rsa certificates for client vpn:

git clone https://github.com/OpenVPN/easy-rsa.git;
cd easy-rsa;
./easyrsa3/easyrsa init-pki;
./easyrsa3/easyrsa build-ca nopass (example.com);
./easyrsa3/easyrsa build-server-full example.com nopass;

Terraform code:

resource "aws_acm_certificate" "vpn_cert" {
  private_key      = "pki/private/example.com.key"
  certificate_body = "pki/issued/example.com.crt"
  certificate_chain = "pki/ca.crt"
} 

Results in following error:

Error: importing ACM Certificate: ValidationException: The certificate field contains more than one certificate. You can specify only one certificate in this field.

But I am able to import same certs using aws cli with below command successfully:

aws acm import-certificate --certificate fileb://pki/issued/example.com.crt --private-key fileb://pki/private/example.com.key --certificate-chain fileb://pki/ca.crt --region us-west-2