You can only change the name and path of a server certificate uploaded to IAM. You can’t update the certificate itself, it’s private key or certificate chain. So it makes sense to include a date in the name itself. I use the expiration date so it’s easy to tell which certificates need to be renewed and which certificates can be safely deleted.
Another command line I seldom remember:
aws iam upload-server-certificate \ --server-certificate-name 20161216_blog_chendry_org \ --certificate-body file://blog_chendry_org.crt \ --private-key file://server.key \ --certificate-chain file://blog_chendry_org.ca-bundle \ --path /cloudfront/