Lightsail - Containers - Certificate Validation Trouble

0

I am struggling with certificate validation. I am using Lightsail's container offering, and having trouble with adding a certificate. I've gone through the following documents:

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-creating-container-services-certificates
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-validating-container-services-certificates

We're using CloudFlare, I'm not sure if we have to do something in Route 53 for this, if we do it's not called out well.

Here's what I've done:

  1. Added a DNS zone, we'll call it foo.bar.com

  2. Created certificate for www.foo.bar.com, copied out the CNAME name and value (fake examples below):
    NAME: _99f615c816f97e9a75b03f8dd33d4ef6.www.foo.bar.com.
    VALUE: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws.

  3. Went back to DNS zone, tried adding the CNAME record in several ways:

Subdomain: _99f615c816f97e9a75b03f8dd33d4ef6.www
Maps to: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws

Subdomain: _99f615c816f97e9a75b03f8dd33d4ef6.www.foo.bar.com
Maps to: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws

Subdomain: _99f615c816f97e9a75b03f8dd33d4ef6
Maps to: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws

Subdomain: www
Maps to: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws

  4. Waited...

The cert never validates.

Edited by: Tigardis on Jul 20, 2021 12:51 PM

asked 3 years ago · 196 views
1 Answer
1

For anyone else out there using Lightsail containers with CloudFlare - this is what worked for me...

  1. Create the certificate request

foo.bar.com (example only)
Record type: CNAME
Name: _d26788eb719c59375c5579553632c805.foo.bar.com.
Value: _44k8a474c783434728fb1tr37ca79b0f.tgpjrkjmjp.acm-validations.aws.

  2. Add the following records to your DNS zone

Record type: CNAME
Subdomain: _d26788eb719c59375c5579553632c805
Maps to: _44k8a474c783434728fb1tr37ca79b0r.tgpjrkjmjp.acm-validations.aws

Record type: CNAME
Subdomain: foo
Maps to: foo-bar-com.1ljucgre6u7xq.us-east-1.cs.amazonlightsail.com

  3. Add the following record to CloudFlare

Record type: CNAME
Name: foo
Target: foo-bar-com.1ljucgre6u7xq.us-east-1.cs.amazonlightsail.com
Proxy Status: DNS Only (grey cloud)

  4. Navigate to foo.bar.com, expect an error at this point because you haven't attached a cert

  5. Check the status of your certificate, it should validate at this point - if it does not, try adding the following record to CloudFlare

Record type: CNAME
Subdomain: _d26788eb719c59375c5579553632c805.foo.bar.com
Maps to: _44k8a474c783434728fb1tr37ca79b0r.tgpjrkjmjp.acm-validations.aws
Proxy Status: DNS Only (grey cloud)

  6. Attach the certificate

  7. Navigate to foo.bar.com once more, and HTTPS should work with your custom domain
answered 3 years ago
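
An added example, not part of the original question or answer: a Python check that compares CNAME rows as typed into a DNS editor with the validation record ACM issued, flagging a wrong owner name, a wrong target, or a proxied row. It uses the placeholder values from the question; the sample rows, the function names, and the rule that the editor appends the zone name are assumptions.

```python
"""Compare CNAME rows typed into a DNS editor with the record ACM asks for."""

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def relative_label(fqdn, zone):
    """Host part of fqdn relative to zone, e.g. '_abc.www' for zone foo.bar.com."""
    fqdn, zone = normalize(fqdn), normalize(zone)
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -(len(zone) + 1)]

def owner_name(field, zone):
    """Assumption: the editor appends the zone unless the field already ends with it."""
    field, zone = normalize(field), normalize(zone)
    if field == zone or field.endswith("." + zone):
        return field
    return f"{field}.{zone}"

def check_row(acm_name, acm_value, zone, field, target, proxied=False):
    """Return a list of problems for one row; an empty list means it matches."""
    problems = []
    if owner_name(field, zone) != normalize(acm_name):
        problems.append("wrong-name")
    if normalize(target) != normalize(acm_value):
        problems.append("wrong-target")
    if proxied:  # a proxied row is not served as a plain CNAME ("DNS Only" is required)
        problems.append("proxied")
    return problems

# Placeholder values from the question above; the rows are constructed sample input.
ZONE = "foo.bar.com"
ACM_NAME = "_99f615c816f97e9a75b03f8dd33d4ef6.www.foo.bar.com."
ACM_VALUE = "_a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws."
ROWS = [
    ("_99f615c816f97e9a75b03f8dd33d4ef6.www", ACM_VALUE, False),
    ("_99f615c816f97e9a75b03f8dd33d4ef6", ACM_VALUE, False),
    ("www", ACM_VALUE, False),
    ("_99f615c816f97e9a75b03f8dd33d4ef6.www", ACM_VALUE, True),
    ("_99f615c816f97e9a75b03f8dd33d4ef6.www", ACM_VALUE.replace("c7.", "c1."), False),
]

def report():
    """Run check_row over every constructed row."""
    return [(f, check_row(ACM_NAME, ACM_VALUE, ZONE, f, t, p)) for f, t, p in ROWS]

if __name__ == "__main__":
    print("enter as:", relative_label(ACM_NAME, ZONE))
    for field, problems in report():
        print(f"{field:40} {problems or 'matches'}")
```

The check covers only the content of the rows; it does not tell you which provider is authoritative for the zone, which is where the record has to live for validation to see it.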
