I want to issue an AWS Certificate Manager (ACM) certificate for a domain name in an Amazon Route 53 private host zone.
You can't request a public certificate for domain names in a private host zone. To issue a public ACM certificate, you must register your domain name and use a public hosted zone.
ACM issues a public certificate only after it validates domain ownership. You can't issue an ACM public certificate for a domain name in a private hosted zone because you can't prove the public domain ownership.
For domain names in a private hosted zone, use AWS Private Certificate Authority to request a private certificate. When you request a private certificate from AWS Private CA, you don't need to validate domain ownership.
What is the best certificate service for my needs?