AWS Certificate Manager (ACM) was unable to renew the certificate

0

I am getting an e-mail notification from AWS saying "AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. You must take action to ensure that the renewal can be completed before ........UTC. If the certificate is not renewed and the current certificate expires, your website or application may become unreachable.

To renew this certificate, you must ensure that the proper CNAME records are present in your DNS configuration for each domain listed below. You can find the CNAME records for your domains by expanding your certificate and its domain entries in the ACM console. You can also use the DescribeCertificate command in the ACM API[1] or the describe-certificate operation in the ACM CLI[2] to find a certificate’s CNAME records. For more information, see Automatic Domain Validation Failure in the ACM troubleshooting guide[3]."

When I follow the guides, they describe validating the CNAME in my DNS. I can find the CNAME in my ACM and in Route53, but I am not sure how to actually do the 'validate'. What action do I need to provide? Thanks

2 Answers
0
Accepted Answer

Simply add the CNAME records in Route 53 under the domain name. That's it. It will automatically validate and renew the certificate. Else, try to flush all old CNAME records, create a new certificate in ACM (again), and attach all the CNAME records again in Route 53. For more info, check: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-renewal.html#troubleshooting-automatic-renewal

answered a year ago
EXPERT
reviewed 6 months ago
0

If you have correct CNAME entries then validation should occur automatically; there's nothing more you need to do. Double-check them and have a look at the troubleshooting page in case something there applies - https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-DNS-validation.html.

EXPERT
answered a year ago
  • Thanks so much for the reply. So it looks like I have a '.' at the end in my CNAME record in ACM (Route 53 does not have it). So in order to remediate, do I create new certs? It does not look like CNAME is updateable in either ACM or Route53. Thanks again
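
An added example, not part of the original thread and not AWS's own code: a check that compares the CNAME records ACM expects with the CNAMEs in the hosted zone, treating a trailing dot as insignificant because it only marks a DNS name as fully qualified. The sample data is constructed in the shape of `describe-certificate` and `list-resource-record-sets` output, and the function names are hypothetical.

```python
# Constructed sample in the shape of `aws acm describe-certificate` output.
ACM = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                        "Value": "_bbb222.acm-validations.aws."}},
    {"DomainName": "www.example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_ccc333.www.example.com.", "Type": "CNAME",
                        "Value": "_ddd444.acm-validations.aws."}},
    {"DomainName": "api.example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_eee555.api.example.com.", "Type": "CNAME",
                        "Value": "_fff666.acm-validations.aws."}},
]}}

# Constructed sample in the shape of `aws route53 list-resource-record-sets` output.
R53 = {"ResourceRecordSets": [
    {"Name": "example.com.", "Type": "A", "ResourceRecords": [{"Value": "192.0.2.10"}]},
    # Same record as ACM expects, written without trailing dots.
    {"Name": "_aaa111.example.com", "Type": "CNAME",
     "ResourceRecords": [{"Value": "_bbb222.acm-validations.aws"}]},
    # Name matches, but the target is left over from an older certificate.
    {"Name": "_ccc333.www.example.com.", "Type": "CNAME",
     "ResourceRecords": [{"Value": "_stale000.acm-validations.aws."}]},
]}

def norm(name):
    """DNS names are case-insensitive; a trailing dot does not change the name."""
    return name.strip().rstrip(".").lower()

def check_validation_records(acm, r53):
    """Return {domain: 'ok' | 'missing' | 'wrong-target' | 'no-dns-record'}."""
    zone = {}
    for rs in r53["ResourceRecordSets"]:
        if rs["Type"] == "CNAME":
            zone[norm(rs["Name"])] = {norm(r["Value"]) for r in rs.get("ResourceRecords", [])}
    result = {}
    for opt in acm["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if rr is None:  # e.g. the domain uses e-mail validation
            result[opt["DomainName"]] = "no-dns-record"
            continue
        targets = zone.get(norm(rr["Name"]))
        if targets is None:
            result[opt["DomainName"]] = "missing"
        else:
            result[opt["DomainName"]] = "ok" if norm(rr["Value"]) in targets else "wrong-target"
    return result

if __name__ == "__main__":
    for domain, status in check_validation_records(ACM, R53).items():
        print(f"{domain}: {status}")
```
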
