Refresh the AWS VPN certificates
Log in to the AWS production tenant and navigate to the AWS Certificate Manager.
Create a certificate request.
Name the cert and select DNS validation.
RSA 2048 is OK for the key algorithm.
If opting for a wildcard, use the *.domain.com format.
Download the newly created cert.
Browse to the Client VPN Endpoint:

Select Actions > Modify VPN Endpoint
Server certificate ARN > set it to the ARN identifier of the new cert > save/modify
Download the client configuration file

Good to go - distribute the cert to the appropriate parties in Keeper
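
A post-change check for the steps above, as an added example that is not part of the original runbook: it reads the JSON printed by `aws ec2 describe-client-vpn-endpoints` and `aws acm describe-certificate` and confirms that the endpoint references the new cert, that the cert is ISSUED, and that it is not close to expiry. The ARN, endpoint ID, dates and function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample output (not real resources), in the shape printed by
#   aws ec2 describe-client-vpn-endpoints --client-vpn-endpoint-ids <id>
#   aws acm describe-certificate --certificate-arn <arn>
NEW_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-NEW"
ENDPOINTS_JSON = json.dumps({"ClientVpnEndpoints": [
    {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE",
     "ServerCertificateArn": NEW_ARN}]})
CERT_JSON = json.dumps({"Certificate": {
    "CertificateArn": NEW_ARN, "Status": "ISSUED",
    "NotAfter": "2026-06-01T00:00:00+00:00"}})


def parse_not_after(value):
    """AWS CLI v2 prints ISO 8601 timestamps; v1 prints epoch seconds."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    parsed = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_refresh(endpoints_json, cert_json, expected_arn, now, min_days=30):
    """Return a list of problems; an empty list means the refresh took effect."""
    problems = []
    cert = json.loads(cert_json)["Certificate"]
    if cert.get("CertificateArn") != expected_arn:
        problems.append("certificate output is for a different ARN")
    if cert.get("Status") != "ISSUED":
        # e.g. PENDING_VALIDATION while the DNS validation record is missing
        problems.append(f"certificate status is {cert.get('Status')}")
    else:
        days_left = (parse_not_after(cert["NotAfter"]) - now).days
        if days_left < min_days:
            problems.append(f"certificate expires in {days_left} days")
    for ep in json.loads(endpoints_json)["ClientVpnEndpoints"]:
        if ep.get("ServerCertificateArn") != expected_arn:
            problems.append(f"{ep.get('ClientVpnEndpointId')} still uses "
                            f"{ep.get('ServerCertificateArn')}")
    return problems


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for line in check_refresh(ENDPOINTS_JSON, CERT_JSON, NEW_ARN, now) or ["OK"]:
        print(line)
```

Run it against the real CLI output before distributing the client configuration, so a cert still awaiting DNS validation or an endpoint still on the old ARN is caught first.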