Why did my ACM certificate request fail?

3 minute read

I requested a public certificate AWS Certificate Manager (ACM) but the request failed. How can I troubleshoot this?

Short description

To troubleshoot failed ACM certificate requests, check the following:

Available contacts
Unsafe domains
Additional verification required
Public domains that aren't valid
Amazon-owned domains

Resolution

Available contacts

If you used email validation to request the certificate, then make sure that:

You have a working email address that is registered in WHOIS and that the address is visible with a WHOIS lookup.
Your domain is configured to receive email. Your domain's name server must have a mail exchanger record (MX record) so ACM's email servers know where to send the domain validation email.

For more information, see Error message: No Available Contacts.

Unsafe domains

If the requested certificate contains at least one domain in its domain scope that was reported as unsafe by VirusTotal, the certificate request fails. To correct the issue, do the following:

Search for your domain name on the VirusTotal website to see if it's reported as suspicious.
If you believe that the result is a false positive, then notify the organization that is reporting the domain. VirusTotal is an aggregate of several antivirus and URL scanners and can't remove your domain for you.

After you correct the problem and the VirusTotal registry is updated, request a new public certificate.

For more information, see Error message: Domain Not Allowed.

Additional verification required

This occurs as a fraud-protection measure if your domain ranks within the Alexa top 1000 websites.

Use the AWS Support Center to contact AWS Support. AWS Support will assist you with adding your domains to an allow list. For more information, see Error message: Additional Verification Required.

Public domains that aren't valid

If the requested certificate includes a public domain that isn't valid, then the certificate fails with the following error:

"One or more domain names is not a valid public domain."

Request a new certificate, and then make sure that the top-level domains of all domains specified in the certificate’s domain scope are valid.

Amazon-owned domains

If the requested certificate includes an Amazon-owned domain, such as those ending in amazonaws.com, then the certificate request will fail with the following error:

"Additional verification required to request certificates for one or more domain names in this request."

Request a new certificate with a domain name that isn't owned by Amazon. For more information, see Error message: Additional Verification Required.

Related information

Certificate request fails

ACM certificate characteristics

Why am I not receiving validation emails when using ACM to issue or renew a certificate?

Topics

Security, Identity, & Compliance

Relevant content

Failed to request public certificate in ACM
Accepted Answer
doaa
asked 5 months ago
Request for ACM certificate is failed
Accepted Answer
raaka
asked 9 months ago
AWS Certificate Manager (ACM) certificate request fail (verification)
Igor
asked 3 months ago
ACM Certificate request with DNS validation fails immediately
Tim
asked 6 months ago
ACM Certificate Request Limit
Accepted Answer
Guy
asked 2 months ago
Why did my publicly trusted ACM certificate fail managed renewal?
AWS OFFICIALUpdated 2 years ago
Why is my ACM certificate marked as ineligible for renewal?
AWS OFFICIALUpdated 9 months ago
Why did my ACM certificate request fail with additional verification required?
AWS OFFICIALUpdated 2 years ago
Why is my certificate renewal still pending after I validated my domain names using the ACM managed renewal process?
AWS OFFICIALUpdated 2 years ago
Troubleshoot null_pointer_exception during remote reindexing in OpenSearch VPC domains
EXPERT
Cathy W
published 2 months ago