TLS certificate still pending even though domain and name servers correct in Route 53

0

Hello,

I am trying to obtain a valid TLS certificate through ACM; however, the certificate is still pending. I registered my domain (let's use example.com as the example) in Route 53, and the 4 name servers under Route 53 > registered domains > example.com > hosted zone details match the 4 name servers in my hosted zone under Route 53 > hosted zone > example.com - under the NS record. Also, I have 3 other records under Route 53 > hosted zone > example.com, them being an A record which routes to my S3 bucket, an SOA record which routes to the first name server of the NS record, and a CNAME record with 'record name' of 'www.example.com' and routing to 'example.com'.

I transferred this domain from another host a month ago, and AWS Support told me yesterday that the name servers hadn't transferred over correctly, so yesterday I fixed the name servers in Route 53 > registered domains > example.com > hosted zone details to the name servers that were within Route 53 > hosted zone > example.com - under the NS record. Also, I don't think it took 48 hours for the DNS settings to update because they are already updated under Route 53 > registered domains > example.com > hosted zone details.

So domain and name servers are all correct, and the AWS documentation here says that if all checks out it should take 30 min max to issue a valid certificate. However, it has been almost 24 hours and the certificate for example.com is still pending.

1 Answer
1
Accepted Answer

You need to make sure the CNAME records have been created in order for ACM to validate the domain. Within the ACM certificate, it will define the CNAME record that needs creating. You have not mentioned you have created this CNAME record!

Also make sure the domain registrar records point to the name servers for this domain.

EXPERT
answered a year ago
EXPERT
reviewed 10 months ago
  • Oh ok I see. I manually added the CNAME records to Route 53 > hosted zones > example.com yesterday and now it works! Question though - do I need only one hosted zone for example.com, or do I need a hosted zone both for example.com and www.example.com? I'm asking because within the hosted zone Route 53 > hosted zones > example.com I now have 3 CNAME records:

    1. 'record name' is www.example.com with 'value/route to' being example.com
    2. randomcharacters1.example.com routing to randomcharacters2.tftwdmzmwn.acm-validation.aws.
    3. randomcharacters3.www.example.com routing to randomcharacters4.tftwdmzmwn.acm-validation.aws.

    In the hosted zone for Route 53 > hosted zones > www.example.com I only have one CNAME record, and I think this CNAME record auto-populated somehow. It just happens to be one of the CNAME records from example.com:

    1. randomcharacters3.www.example.com routing to randomcharacters4.tftwdmzmwn.acm-validation.aws.
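
The check the accepted answer describes, as an added example that is not part of the original thread and not AWS's own code: it compares the validation CNAMEs a certificate asks for against the records in the hosted zone. The dictionaries follow the shape of `aws acm describe-certificate` and `aws route53 list-resource-record-sets` output; the function names and all token values are constructed for illustration.

```python
def norm(name):
    # DNS names are case-insensitive; Route 53 returns them with a trailing dot.
    return name.rstrip(".").lower()


def check_validation_cnames(certificate, record_sets):
    """Return [(domain, problem)] for every DNS-validated name whose CNAME
    from the certificate is absent from, or wrong in, the hosted zone."""
    zone_cnames = {}
    for rs in record_sets:
        if rs["Type"] == "CNAME":  # alias A records carry no ResourceRecords
            targets = {norm(r["Value"]) for r in rs.get("ResourceRecords", [])}
            zone_cnames.setdefault(norm(rs["Name"]), set()).update(targets)
    problems = []
    for opt in certificate["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rr is None:
            continue  # email validation, or ACM has not generated the record yet
        targets = zone_cnames.get(norm(rr["Name"]))
        if targets is None:
            problems.append((opt["DomainName"], "validation CNAME missing"))
        elif norm(rr["Value"]) not in targets:
            problems.append((opt["DomainName"], "validation CNAME has wrong target"))
    return problems


def cname(name, value):
    # Helper building one record set in list-resource-record-sets shape.
    return {"Name": name, "Type": "CNAME", "ResourceRecords": [{"Value": value}]}


def option(domain, name, value):
    # Helper building one DomainValidationOptions entry (constructed values).
    return {"DomainName": domain, "ValidationMethod": "DNS",
            "ValidationStatus": "PENDING_VALIDATION",
            "ResourceRecord": {"Name": name, "Type": "CNAME", "Value": value}}


# Constructed sample data mirroring the question: the zone has the www CNAME
# but neither of the CNAMEs that ACM asked for.
CERT = {"DomainValidationOptions": [
    option("example.com", "_token1.example.com.", "_token2.acm-validations.aws."),
    option("www.example.com", "_token3.www.example.com.", "_token4.acm-validations.aws."),
]}
ZONE = [
    {"Name": "example.com.", "Type": "A", "AliasTarget": {"DNSName": "constructed."}},
    cname("www.example.com.", "example.com"),
]

if __name__ == "__main__":
    for domain, problem in check_validation_cnames(CERT, ZONE):
        print(f"{domain}: {problem}")
```

Both validation names are checked against the single example.com zone because names such as `_token3.www.example.com` resolve from the parent zone unless `www` has been delegated to its own zone.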
