Certificate renewal fails: DNS correctly set and email contains 0 domains to validate, but domain is waiting for auto-renewal

0

Hello, i've received the allerts that the certificate is going to expire in 10 days. The status on the console says:

Enter image description here

status: issued

Renewal status:Pending auto-renewal

Below, where there are the domain listed there's

Status & renewal status: Success

In the email i've this, and the strange thing is the The following 0 domains require validation:

You have an SSL/TLS certificate from AWS Certificate Manager in your AWS account that expires on Feb 23, 2024 at 23:59:59 UTC. This certificate includes the primary domain <MYDOMAIN> and a total of 2 domains. AWS account ID: <ID> AWS Region name: eu-central-1 Certificate identifier <IDENTIFIER> AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. You must take action to ensure that the renewal can be completed before Feb 23, 2024 at 23:59:59 UTC. If the certificate is not renewed and the current certificate expires, your website or application may become unreachable. .... cut .... The following 0 domains require validation:

The DNS are correctly set The only thing is that the domains are accessible only to specific IP and not public to all world, can it that be a problem? **What should I do? how can I check why it fails? **

Stefano
preguntada hace 3 meses112 visualizaciones
2 Respuestas
1
Respuesta aceptada

it seesm that i miss https://docs.aws.amazon.com/acm/latest/userguide/setup-caa.html once set, how can i renew it and see if it works?

Stefano
respondido hace 3 meses
profile picture
EXPERTO
revisado hace 9 días
profile picture
EXPERTO
revisado hace un mes
0

I checked via the CLI and i've found this

** "RenewalStatusReason": "CAA_ERROR"**

"RenewalSummary": {
            "RenewalStatus": "PENDING_AUTO_RENEWAL",
            "DomainValidationOptions": [
                {
                    "DomainName": "cxxxxo",
                    "ValidationDomain": "cuxxxno.io",
                    "ValidationStatus": "SUCCESS",
                    "ResourceRecord": {
                        "Name": "_91aadc030b21xxxxxxo.",
                        "Type": "CNAME",
                        "Value": "_68beccdbb7cfxxxxxxws."
                    },
                    "ValidationMethod": "DNS"
                },
                {
                    "DomainName": "sxxxxxxxxxo",
                    "ValidationDomain": "scrixxxxxxo",
                    "ValidationStatus": "SUCCESS",
                    "ResourceRecord": {
                        "Name": "_c16a9xxxxxxxo.",
                        "Type": "CNAME",
                        "Value": "_1bad219c6xxxxxxs."
                    },
                    "ValidationMethod": "DNS"
                }
            ],
            "RenewalStatusReason": "CAA_ERROR",
            "UpdatedAt": "2024-02-14T09:00:05.224000+01:00"
        },
Stefano
respondido hace 3 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas