Why am I not able to add a custom SSL for my Domain? I tried with 2 separate services. Details in description.

0

I am facing this problem in relation to two services.

  1. When I was trying to add an Amplify managed SSL Certificate for my Custom Domain in AWS Amplify, the SSL Verification goes on & on and then eventually times out saying that it could not verify the Domain even when the said domain is in AWS Route 53.
  2. When I was trying to do the same thing as above, but through a lambda application via AWS SAM Template/CloudFormation, the Certification Manager is taking a lot of time.
2 Answers
0
Accepted Answer

Hello.

Has a CNAME record for verifying the SSL certificate been created in the hosted zone?
If so, can you resolve the name using the "dig" command or similar?
https://docs.aws.amazon.com/amplify/latest/userguide/using-certificates.html

By the way, can you use the hosted zone hosted on Route53 normally?
Please check that NS records etc. can be resolved normally.

Expert
answered 8 months ago
AWS
Expert
reviewed 8 months ago
  • Has a CNAME record for verifying the SSL certificate been created in the hosted zone? Yes, got created automatically.
    Can you resolve the name using the "dig" command or similar? 2 A records coming, no CNAME records coming.
    Can you use the hosted zone hosted on Route53 normally? My domain is hosted on Route 53.

  • Finally checked the NS records!! According to the docs, the NS records of the domain must be modified to match the ones from the hosted zone. This fixed it.
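
The fix found in the comments above (the domain's NS records not matching the hosted zone) can be checked from `dig` and AWS CLI output. The following is an added example, not part of the original thread; the sample name servers, `example.com`, and the placeholders in the comments are constructed.

```shell
#!/usr/bin/env bash
# Added example: offline checks over text captured from dig / the AWS CLI.

# Lowercase, one name per line, strip the trailing root dot, sort, dedupe.
normalize_ns() {
  tr 'A-Z' 'a-z' | tr -s ' \t' '\n' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# compare_ns DELEGATED HOSTED -> prints MATCH or MISMATCH.
# DELEGATED: NS set the public DNS returns for the domain.
# HOSTED:    NS set assigned to the Route 53 hosted zone.
compare_ns() {
  local delegated hosted
  delegated=$(printf '%s\n' "$1" | normalize_ns)
  hosted=$(printf '%s\n' "$2" | normalize_ns)
  if [ "$delegated" = "$hosted" ]; then echo "MATCH"; else echo "MISMATCH"; fi
}

# classify_validation DIG_SHORT_OUTPUT -> OK | MISSING | UNEXPECTED
# ACM DNS validation CNAMEs point at a name under acm-validations.aws.
classify_validation() {
  local answer
  answer=$(printf '%s\n' "$1" | normalize_ns)
  case "$answer" in
    "") echo "MISSING" ;;                      # record not resolvable publicly
    *.acm-validations.aws) echo "OK" ;;
    *) echo "UNEXPECTED" ;;                    # e.g. A records came back instead
  esac
}

# Constructed sample: the delegation still points at an old name server set.
SAMPLE_DELEGATED='ns1.old-set.example. ns2.old-set.example.'
SAMPLE_HOSTED='ns1.new-set.example ns2.new-set.example'

# Live use (needs network, dig and AWS credentials; ids are placeholders):
#   compare_ns "$(dig +short NS example.com)" \
#     "$(aws route53 get-hosted-zone --id ZONE_ID_PLACEHOLDER \
#          --query 'DelegationSet.NameServers' --output text)"
#   classify_validation \
#     "$(dig +short CNAME _VALIDATION_NAME_PLACEHOLDER.example.com)"
```

A `MISMATCH` here means the validation CNAME in the hosted zone is not what the public DNS serves, so certificate validation keeps waiting regardless of how long the record has existed.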

0

There are several reasons why you might be experiencing difficulties adding a custom SSL certificate for your domain, both through AWS Amplify and AWS Certificate Manager (ACM) via Lambda/SAM:

  1. DNS Propagation Delay: DNS changes can take up to 24-48 hours to propagate globally. This means it might take some time for the internet to recognize your new DNS records pointing to the ACM certificate.

  2. Incorrect DNS Configuration: Double-check that your DNS records (CNAME and A records) are correctly set up in Route 53. Ensure that the NS (Name Server) records in your domain registrar match the ones in the Route 53 hosted zone. Any mismatch can cause SSL configuration to fail.

  3. Region Mismatch: Make sure the ACM certificate you're creating is in the correct AWS region. For services like CloudFront, certificates must be in the us-east-1 (N. Virginia) region.

  4. Permissions Issues: Verify that you have the necessary IAM permissions to create records in your Route 53 hosted zone and to manage ACM certificates.

  5. Conflicting Records: Look for any conflicting DNS records (e.g., duplicate CNAMEs or A records) that might interfere with the SSL configuration.

  6. CAA Records: Ensure there are no Certification Authority Authorization (CAA) records blocking certificate issuance for your domain.

To resolve these issues:

  1. Wait for DNS propagation to complete before retrying.
  2. Manually validate the domain by adding the required CNAME record to your DNS settings in Route 53.
  3. If using Amplify, try removing and re-adding the domain after ensuring DNS propagation is complete.
  4. For ACM via Lambda/SAM, make sure your Lambda function has the necessary permissions and is configured correctly.
  5. Use tools like dig or nslookup to verify your DNS configuration.

If problems persist after trying these steps, you may need to contact AWS Support for further assistance.

Sources
Amplify fails on SSL Configuration | AWS re:Post
Unable to request a Certificate in AWS | AWS re:Post

answered 8 months ago
  • My Domain is hosted in AWS Route 53 directly. I will wait for 24 hrs then
