Certificate renewal fails: DNS correctly set and email contains 0 domains to validate, but domain is waiting for auto-renewal

0

Hello, I've received the alerts that the certificate is going to expire in 10 days. The status on the console says:


status: issued

Renewal status: Pending auto-renewal

Below, where the domains are listed, there's

Status & renewal status: Success

In the email I have this, and the strange thing is the "The following 0 domains require validation:" line:

> You have an SSL/TLS certificate from AWS Certificate Manager in your AWS account that expires on Feb 23, 2024 at 23:59:59 UTC. This certificate includes the primary domain <MYDOMAIN> and a total of 2 domains.
>
> AWS account ID: <ID>
> AWS Region name: eu-central-1
> Certificate identifier <IDENTIFIER>
>
> AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. You must take action to ensure that the renewal can be completed before Feb 23, 2024 at 23:59:59 UTC. If the certificate is not renewed and the current certificate expires, your website or application may become unreachable.
>
> .... cut ....
>
> The following 0 domains require validation:

The DNS is correctly set. The only thing is that the domains are accessible only to specific IPs and not public to the whole world; can that be a problem? **What should I do? How can I check why it fails?**

Stefano
asked 3 months ago, 112 views
2 Answers
1
Accepted Answer

It seems that I missed https://docs.aws.amazon.com/acm/latest/userguide/setup-caa.html. Once set, how can I renew it and see if it works?

Stefano
answered 3 months ago
EXPERT
reviewed 8 days ago
EXPERT
reviewed a month ago
0

I checked via the CLI and I've found this:

**"RenewalStatusReason": "CAA_ERROR"**

```json
"RenewalSummary": {
    "RenewalStatus": "PENDING_AUTO_RENEWAL",
    "DomainValidationOptions": [
        {
            "DomainName": "cxxxxo",
            "ValidationDomain": "cuxxxno.io",
            "ValidationStatus": "SUCCESS",
            "ResourceRecord": {
                "Name": "_91aadc030b21xxxxxxo.",
                "Type": "CNAME",
                "Value": "_68beccdbb7cfxxxxxxws."
            },
            "ValidationMethod": "DNS"
        },
        {
            "DomainName": "sxxxxxxxxxo",
            "ValidationDomain": "scrixxxxxxo",
            "ValidationStatus": "SUCCESS",
            "ResourceRecord": {
                "Name": "_c16a9xxxxxxxo.",
                "Type": "CNAME",
                "Value": "_1bad219c6xxxxxxs."
            },
            "ValidationMethod": "DNS"
        }
    ],
    "RenewalStatusReason": "CAA_ERROR",
    "UpdatedAt": "2024-02-14T09:00:05.224000+01:00"
},
```
Stefano
answered 3 months ago
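
A way to reason about the `CAA_ERROR` above, as an added example that is not part of the original posts or of AWS's own tooling: it walks the DNS tree as RFC 8659 describes and reports whether a CAA record set permits the Amazon CA. The domain names and records are constructed, the issuer list is the one from the linked setup-caa page, and CNAME chasing and critical-flag handling are left out.

```python
# Added example: RFC 8659-style CAA evaluation for the Amazon CA.
# All DNS data below is constructed; nothing here queries real DNS.

# Issuer domains the ACM CAA documentation lists for the Amazon CA.
AMAZON_CA = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}

# Constructed zone data: owner name -> list of (flags, tag, value).
SAMPLE_CAA = {
    "example.io": [(0, "issue", "letsencrypt.org"),
                   (0, "iodef", "mailto:sec@example.io")],
    "ok.example.net": [(0, "issue", "letsencrypt.org"),
                       (0, "issue", "amazon.com")],
}

def relevant_rrset(fqdn, caa_by_name):
    """Climb from fqdn toward the root; return (owner, records) for the
    first name that has CAA records, or (None, []) if none exist."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if caa_by_name.get(name):
            return name, caa_by_name[name]
    return None, []

def amazon_may_issue(fqdn, caa_by_name):
    """Return (allowed, reason) for a certificate name, wildcard or not."""
    wildcard = fqdn.startswith("*.")
    owner, records = relevant_rrset(fqdn[2:] if wildcard else fqdn, caa_by_name)
    if owner is None:
        return True, "no CAA records anywhere in the tree"
    issue = [v for _, tag, v in records if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in records if tag.lower() == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names.
    values = issuewild if (wildcard and issuewild) else issue
    if not values:
        return True, f"CAA at {owner} has no property restricting issuance"
    # Value is "<issuer-domain>[; parameters]"; a bare ";" authorises nobody.
    issuers = {v.split(";")[0].strip().lower() for v in values}
    if issuers & AMAZON_CA:
        return True, f"CAA at {owner} authorises an Amazon CA domain"
    named = sorted(issuers - {""})
    return False, f"CAA at {owner} authorises only {named}"

if __name__ == "__main__":
    for n in ("app.example.io", "*.example.io", "api.ok.example.net", "www.example.org"):
        print(n, amazon_may_issue(n, SAMPLE_CAA))
```

A record on a parent zone is enough to block a subdomain, which is why the function reports the owner name where the deciding record set was found.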
