
SSL certificate pending DNS validation

0

I bought an SSL certificate on a third-party website and it's been pending DNS validation for a while because the CNAME record is not available. I was told that it is impossible to validate my SSL until the record is available. How can I resolve this matter?


asked a year ago
354 views
2 Answers
1
Accepted Answer

I would recommend deleting and recreating the CNAME. I am not able to find it publicly. I do see that the domain apex resolves and the name servers do point to Route 53 name servers. I suspect there is an error somewhere in the way you set up the record. Make sure you are creating it in a Public Hosted Zone (not private if you have one).


Separately, I assume you are aware that you can get free SSL certs from AWS if you are putting them on an ALB. I also assume you are not using an ALB for this site due to expected level of load.

Are you aware that you can use LetsEncrypt.org to get free SSL certificates for your site and use any of these clients to keep them renewed?

AWS
EXPERT
answered a year ago
EXPERT
reviewed a year ago
0

You can use the nslookup command to validate DNS propagation and verify that your DNS records have been correctly propagated across the internet. DNS validation will be pending until DNS propagation is completed.

Here's how you can do it:

  1. Open Command Prompt or Terminal: On Windows, open the Command Prompt (cmd.exe). On macOS or Linux, open the Terminal.

  2. Run nslookup: In the Command Prompt or Terminal, type nslookup followed by your domain name. For example: nslookup example.com. This will perform a DNS lookup for your domain and show you the name servers responsible for that domain.

  3. Check DNS Records: To check a specific DNS record, you need to specify the record type.

    To check a CNAME record: nslookup -type=CNAME example.com

If the DNS record has propagated correctly, you should see the expected TXT value listed in the output.

  4. Check Multiple DNS Servers: If you're not seeing the correct DNS record, you can query different DNS servers to check if the record has propagated to them. To query a specific DNS server, use the following command: nslookup -type=CNAME _abc123.example.com 8.8.8.8

If the DNS record is visible on some DNS servers but not others, it likely means that the record is still in the process of propagating across the internet.

Keep in mind that DNS propagation can take some time, sometimes up to 4 hrs, so if you've just created or updated a DNS record, you may need to wait a while before it becomes visible everywhere.

AWS
answered a year ago
  • Thanks for your answer, my problem is that I created a CNAME record using Route53 but it is unavailable when I try nslookup type=CNAME talentsharbor.com. However, nslookup talentsharbor.com works fine.

    The third party website which assigns SSL certificates needs the CNAME record.
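
The checks from both answers combined into one script, as an added example that is not part of the original thread: it asks the zone's authoritative name server and the public resolver 8.8.8.8 for the validation CNAME and classifies the result. The function names are hypothetical, and the "doubled name" case (the full name entered into a zone editor that appends the zone name itself) is an assumed common cause, not something the thread confirms.

```shell
#!/bin/sh
# Added example. Usage: sh check_cname.sh VALIDATION_NAME ZONE EXPECTED_TARGET
# e.g. the certificate vendor's record name, your domain, and the vendor's target.

# Print the CNAME target for name $1 as answered by server $2 (empty if none).
cname_at() {
    nslookup -type=CNAME "$1" "$2" 2>/dev/null |
        awk -F'canonical name = ' '/canonical name = /{print $2; exit}'
}

# Print the first authoritative name server listed for zone $1.
first_ns() {
    nslookup -type=NS "$1" 2>/dev/null |
        awk -F'nameserver = ' '/nameserver = /{print $2; exit}'
}

# Name that exists if the full record name was pasted into an editor that
# appends the zone name automatically (assumption, see lead-in).
doubled_name() {
    printf '%s.%s\n' "${1%.}" "${2%.}"
}

# Classify the lookups. $1 expected target, $2 authoritative answer,
# $3 public resolver answer, $4 authoritative answer for the doubled name.
# Trailing dots are stripped so "a.b." and "a.b" compare equal.
diagnose() {
    want=${1%.}; auth=${2%.}; pub=${3%.}; dbl=${4%.}
    if [ -z "$auth" ] && [ -n "$dbl" ]; then
        echo "record-name-doubled"        # recreate with the correct name
    elif [ -z "$auth" ]; then
        echo "missing-from-public-zone"   # wrong name, or a private hosted zone
    elif [ "$auth" != "$want" ]; then
        echo "wrong-target"               # record exists but points elsewhere
    elif [ "$pub" != "$want" ]; then
        echo "waiting-on-resolver-cache"  # zone is right, resolver not yet
    else
        echo "ok"
    fi
}

# Live lookups run only when all three arguments are supplied.
if [ "$#" -eq 3 ]; then
    ns=$(first_ns "$2")
    [ -n "$ns" ] || { echo "no NS records found for $2" >&2; exit 2; }
    diagnose "$3" "$(cname_at "$1" "$ns")" "$(cname_at "$1" 8.8.8.8)" \
        "$(cname_at "$(doubled_name "$1" "$2")" "$ns")"
fi
```

A result of `missing-from-public-zone` from the authoritative server means waiting will not help; the record has to be fixed in the public hosted zone first.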
