Hi,
DNS validation fails in ap-southeast-1, but succeeds for the same domain in us-east-1.
We are trying to use Amazon Certificate Manager (ACM) to generate a certificate for two domains (both in one certificate). Let's say:
example.com
*.example.com
foobar.com
*.foobar.com
We use the DNS validation method for this process and created the needed validation records in both name servers.
We want to deploy the certificate to CloudFront and to a load balancer in ap-southeast-2, so we requested the certificate at ACM in the us-east-1 region and also in the ap-southeast-2 region. It worked perfectly fine in the us-east-1 region (which proves that the DNS entries exist and are valid). However, the same certificate request (same domains) does not go through in ap-southeast-2. The validation status remains "pending" for one of the two domains.
Given that a certificate was issued at ACM in the us-east-1 region, this cannot be a problem with the DNS validation record. We also followed the checks documented here:
https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-pending-validation/
...and I can confirm that the record has propagated:
dig TXT +short +noshort ...
We also deleted the pending cert request and created another one (using the option to automatically write the CNAME record to our hosted zone) but to no avail. The pending status of the certificate has not changed after more than 24 hours.
We would appreciate any feedback, and I am happy to provide domain names, ARNs, etc. in a non-public communication.