Certificate renewal fails: DNS correctly set and email contains 0 domains to validate, but domain is waiting for auto-renewal

0

Hello, I've received the alerts that the certificate is going to expire in 10 days. The status on the console says:

status: issued

Renewal status: Pending auto-renewal

Below, where the domains are listed, there's

Status & renewal status: Success

In the email I have this, and the strange thing is the "The following 0 domains require validation:" line:

> You have an SSL/TLS certificate from AWS Certificate Manager in your AWS account that expires on Feb 23, 2024 at 23:59:59 UTC. This certificate includes the primary domain <MYDOMAIN> and a total of 2 domains.
>
> AWS account ID: <ID>
>
> AWS Region name: eu-central-1
>
> Certificate identifier <IDENTIFIER>
>
> AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. You must take action to ensure that the renewal can be completed before Feb 23, 2024 at 23:59:59 UTC. If the certificate is not renewed and the current certificate expires, your website or application may become unreachable.
>
> .... cut ....
>
> The following 0 domains require validation:

The DNS are correctly set. The only thing is that the domains are accessible only to specific IPs and not public to the whole world; can that be a problem? **What should I do? How can I check why it fails?**

Stefano
asked 3 months ago · 112 views
2 Answers
1
Accepted Answer

It seems that I am missing https://docs.aws.amazon.com/acm/latest/userguide/setup-caa.html. Once set, how can I renew it and see if it works?

Stefano
answered 3 months ago
EXPERT
reviewed 8 days ago
EXPERT
reviewed a month ago
0

I checked via the CLI and I've found this:

**"RenewalStatusReason": "CAA_ERROR"**

```
"RenewalSummary": {
    "RenewalStatus": "PENDING_AUTO_RENEWAL",
    "DomainValidationOptions": [
        {
            "DomainName": "cxxxxo",
            "ValidationDomain": "cuxxxno.io",
            "ValidationStatus": "SUCCESS",
            "ResourceRecord": {
                "Name": "_91aadc030b21xxxxxxo.",
                "Type": "CNAME",
                "Value": "_68beccdbb7cfxxxxxxws."
            },
            "ValidationMethod": "DNS"
        },
        {
            "DomainName": "sxxxxxxxxxo",
            "ValidationDomain": "scrixxxxxxo",
            "ValidationStatus": "SUCCESS",
            "ResourceRecord": {
                "Name": "_c16a9xxxxxxxo.",
                "Type": "CNAME",
                "Value": "_1bad219c6xxxxxxs."
            },
            "ValidationMethod": "DNS"
        }
    ],
    "RenewalStatusReason": "CAA_ERROR",
    "UpdatedAt": "2024-02-14T09:00:05.224000+01:00"
},
```

Stefano
answered 3 months ago
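
Added example, not part of the original posts or of any AWS tooling: the output above shows both domains with `ValidationStatus` `SUCCESS` while the renewal carries `CAA_ERROR`, so the thing to inspect is which CAA records apply to each name. The sketch below applies the RFC 8659 lookup rules to a constructed record set; the zone data and function names are assumptions, and the four CA domains are the values the linked ACM CAA documentation lists.

```python
# Added example: constructed CAA data evaluated with the RFC 8659 rules.
# CA domains the ACM CAA documentation lists as valid values for Amazon CAs.
AMAZON_CAS = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}

# Constructed zone: name -> list of (flags, tag, value) CAA records.
ZONE = {
    "example.io": [(0, "issue", "letsencrypt.org")],
    "shop.example.io": [(0, "issue", "amazon.com"), (0, "issuewild", ";")],
}

def relevant_caa(name, zone):
    """Climb from name towards the root; the first non-empty CAA set applies."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if zone.get(candidate):
            return candidate, zone[candidate]
    return None, []

def acm_may_issue(name, zone):
    """Return (allowed, reason) for an Amazon-issued certificate covering name."""
    wildcard = name.startswith("*.")
    owner, records = relevant_caa(name[2:] if wildcard else name, zone)

    def values(tag):
        # Drop any parameters after ';' and normalise case before comparing.
        return [v.split(";")[0].strip().lower()
                for _flags, t, v in records if t.lower() == tag]

    issue, issuewild = values("issue"), values("issuewild")
    # For wildcard names issuewild, when present, takes precedence over issue.
    effective = issuewild if (wildcard and issuewild) else issue
    if not effective:
        return True, "no issue/issuewild restriction applies to this name"
    if AMAZON_CAS & set(effective):
        return True, f"CAA at {owner} authorizes an Amazon CA"
    return False, f"CAA at {owner} allows only {sorted(set(effective))}"

if __name__ == "__main__":
    for n in ("www.example.io", "shop.example.io", "*.shop.example.io"):
        print(n, acm_may_issue(n, ZONE))
```

A name without its own CAA records inherits the closest parent's set, which is why a record on the apex can block a subdomain certificate.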
