TLS certificate still pending even though domain and nameservers correct in Route 53

0

Hello,

I am trying to obtain a valid TLS certificate through ACM; however, the certificate is still pending. I registered my domain (let's use example.com as the example) in Route 53, and the 4 name servers under Route 53 > registered domains > example.com > hosted zone details match the 4 name servers in my hosted zone under Route 53 > hosted zone > example.com - under the NS record. Also, I have 3 other records under r 53 > hosted zone > example.com, them being an A record which routes to my S3 bucket, an SOA record which routes to the first name server of the NS record, and a CNAME record with 'record name' of 'www.example.com' and routing to 'example.com'.

I transferred this domain from another host a month ago, and AWS support told me yesterday that the name servers hadn't transferred over correctly, so yesterday I fixed the name servers in Route 53 > registered domains > example.com > hosted zone details to the name servers that were within r 53 > hosted zone > example.com - under the NS record. Also, I don't think it took 48 hours for the DNS settings to update because they are already updated under Route 53 > registered domains > example.com > hosted zone details.

So domain and name servers are all correct, and the AWS documentation here says that if all checks out it should take 30 min max to issue a valid certificate. However, it has been almost 24 hours and the certificate for example.com is still pending.

1 Answer
1
Accepted Answer

You need to make sure the CNAME records have been created in order for ACM to validate the domain. Within the ACM certificate, it will define the CNAME record that needs creating. You have not mentioned you have created this CNAME record!

Also make sure the domain registrar records point to the name servers for this domain.

EXPERT
answered a year ago
EXPERT
reviewed 10 months ago
  • Oh ok I see. I manually added the CNAME records to r 53 > hosted zones > example.com yesterday and now it works! Question though - do I need only one hosted zone for example.com, or do I need a hosted zone both for example.com and www.example.com? I'm asking because within the hosted zone r 53 > hosted zones > example.com I now have 3 CNAME records:

    1. 'record name' is www.example.com with 'value/route to' being example.com
    2. randomcharacters1.example.com routing to randomcharacters2.tftwdmzmwn.acm-validation.aws.
    3. randomcharacters3.www.example.com routing to randomcharacters4.tftwdmzmwn.acm-validation.aws.

    In the hosted zone for r 53 > hosted zones > www.example.com I only have one CNAME record, and I think this CNAME record auto-populated somehow. It just happens to be one of the CNAME records from example.com:

    1. randomcharacters3.www.example.com routing to randomcharacters4.tftwdmzmwn.acm-validation.aws.
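
The two checks from the accepted answer (ACM validation CNAMEs present in the hosted zone, registrar name servers matching the zone's NS record), as an added example that is not part of the original thread or AWS's own code. It compares constructed data shaped like the output of `aws acm describe-certificate`, `aws route53 list-resource-record-sets` and `aws route53domains get-domain-detail`; every record name and value is a placeholder and the function names are hypothetical.

```python
# Constructed sample data shaped like AWS API output; every value is a placeholder.
CERT = {"Certificate": {"DomainValidationOptions": [    # acm describe-certificate
    {"DomainName": "example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                        "Value": "_bbb222.placeholder.acm-validations.aws."}},
    {"DomainName": "www.example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_ccc333.www.example.com.", "Type": "CNAME",
                        "Value": "_ddd444.placeholder.acm-validations.aws."}}]}}
ZONE = {"ResourceRecordSets": [                         # route53 list-resource-record-sets
    {"Name": "example.com.", "Type": "NS", "ResourceRecords": [
        {"Value": "ns-1.example-dns.org."}, {"Value": "ns-2.example-dns.net."}]},
    {"Name": "example.com.", "Type": "A", "AliasTarget": {"DNSName": "s3-website.placeholder."}},
    {"Name": "www.example.com.", "Type": "CNAME", "ResourceRecords": [{"Value": "example.com"}]},
    {"Name": "_AAA111.example.com.", "Type": "CNAME", "ResourceRecords": [
        {"Value": "_bbb222.placeholder.acm-validations.aws"}]}]}
REGISTRAR = {"Nameservers": [                           # route53domains get-domain-detail
    {"Name": "ns-1.example-dns.org"}, {"Name": "ns-9.old-host.example"}]}

def norm(name):
    """DNS names are case-insensitive; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def missing_validation_records(cert, zone):
    """Return (domain, name, value) for each ACM CNAME absent or wrong in the zone."""
    present = {}
    for rs in zone["ResourceRecordSets"]:
        if rs["Type"] == "CNAME":
            values = {norm(r["Value"]) for r in rs.get("ResourceRecords", [])}
            present.setdefault(norm(rs["Name"]), set()).update(values)
    missing = []
    for opt in cert["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")  # absent for email validation
        if rr and norm(rr["Value"]) not in present.get(norm(rr["Name"]), set()):
            missing.append((opt["DomainName"], rr["Name"], rr["Value"]))
    return missing

def delegation_mismatch(registrar, zone, apex):
    """Compare the registrar's name servers with the zone's apex NS record."""
    zone_ns = set()
    for rs in zone["ResourceRecordSets"]:
        if rs["Type"] == "NS" and norm(rs["Name"]) == norm(apex):
            zone_ns = {norm(r["Value"]) for r in rs["ResourceRecords"]}
    reg_ns = {norm(n["Name"]) for n in registrar["Nameservers"]}
    return {"only_at_registrar": sorted(reg_ns - zone_ns),
            "only_in_zone": sorted(zone_ns - reg_ns)}

if __name__ == "__main__":
    print("missing validation CNAMEs:", missing_validation_records(CERT, ZONE))
    print("delegation mismatch:", delegation_mismatch(REGISTRAR, ZONE, "example.com"))
```

A certificate stays in `PENDING_VALIDATION` while either function reports anything: a missing CNAME means ACM has nothing to look up, and a delegation mismatch means public resolvers may never reach the zone that holds it.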
