SSL certificate pending DNS validation
I bought an SSL certificate on a third-party website and it's been pending DNS validation for a while because the CNAME record is not available. I was told that it is impossible to validate my SSL until the record is available. How can I resolve this matter?
- 新しい順
- 投票が多い順
- コメントが多い順
I would recommend deleting and recreating the CNAME. I am not able find it publicly. I do see that the domain apex resolves and the name servers do point to Route 53 name servers. I suspect there is an error somewhere in the way you setup the record. Make sure you are creating it in a Public Hosted Zone (not private if you have one).
Separately, I assume you are aware that you can get free SSL certs from AWS if you are putting them on an ALB. I also assume you are not using an ALB for this site due to expected level of load.
Are you aware that you can use LetsEncrypt.org to get free SSL certificates for your site and use any of these clients to keep them renewed?
You can use the nslookup command to validate DNS propagation and verify that your DNS records have been correctly propagated across the internet.
DNS validation will be pending until DNS propagation is completed.
Here's how you can do it:
-
Open Command Prompt or Terminal: On Windows, open the Command Prompt (cmd.exe). On macOS or Linux, open the Terminal.
-
Run nslookup: In the Command Prompt or Terminal, type
nslookupfollowed by your domain name. For example: nslookup example.com This will perform a DNS lookup for your domain and show you the name servers responsible for that domain. -
Check DNS Records: To check a specific DNS record, you need to specify the record type.
To check a CNAME record: nslookup -type=CNAME example.com
If the DNS record has propagated correctly, you should see the expected TXT value listed in the output.
- Check Multiple DNS Servers: If you're not seeing the correct DNS record, you can query different DNS servers to check if the record has propagated to them. To query a specific DNS server, use the following command: nslookup -type=CNAME _abc123.example.com 8.8.8.8
If the DNS record is visible on some DNS servers but not others, it likely means that the record is still in the process of propagating across the internet.
Keep in mind that DNS propagation can take some time sometimes upto 4 hrs, so if you've just created or updated a DNS record, you may need to wait a while before it becomes visible everywhere.
関連するコンテンツ
- AWS公式更新しました 2年前
Thanks for your answer, my problem is that I created a CNAME record using Route53 but it is unavailable when I try nslookup type=CNAME talentsharbor.com. However, nslookup talentsharbor.com works fine.
The third party website which assigns SSL certificates needs the CNAME record.