You need to update your glue records for your domain based on the newly created Route 53 zone. Point 6 in the AI answer.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html
I also assume you mean CloudFront, not CloudFormation.
It sounds like you're experiencing a common issue with AWS Certificate Manager (ACM) validation after recreating your infrastructure. Here are some steps and considerations to help resolve your problem:
- First, since it's been 72 hours without validation, your certificate request has likely timed out. You'll need to delete the pending certificate and request a new one.
- When requesting the new certificate, make sure to use DNS validation instead of email validation. DNS validation is more reliable and allows for automatic renewal.
- After requesting the new certificate, ACM will provide you with CNAME records that need to be added to your Route 53 hosted zone. If you're using the same AWS account for both ACM and Route 53, you should see a "Create records in Route 53" button in the ACM console. This will automatically add the necessary CNAME records to your hosted zone.
- If the automatic option isn't available, manually add the CNAME records to your Route 53 hosted zone. Ensure you copy the record name and value accurately.
- After adding the CNAME records, give ACM some time to validate your domain ownership. This process usually completes quickly, but it can take up to 30 minutes for the status to update.
- Double-check that your Route 53 nameservers are correctly set at your domain registrar. Use the 'dig NS' command to verify this.
- Ensure there are no Certification Authority Authorization (CAA) records in your DNS that might be blocking certificate issuance.
- If you're using CloudFormation to manage your ACM certificate, make sure the template includes the correct DomainValidationOptions with the HostedZoneId.
If you continue to face issues after following these steps, you may want to check if there are any DNS propagation delays or if your DNS configuration is correct using tools like dig or nslookup.
Remember, patience is key when dealing with DNS changes. Sometimes, it may take a bit of time for changes to propagate fully.
Sources
Certificate not getting issued | AWS re:Post
Unable to request a Certificate in AWS | AWS re:Post
AWS Certificate Manager DNS validation - AWS Certificate Manager
DNS validation - pending validation | AWS re:Post
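A small script for the two DNS checks the answer above lists (the name servers the public DNS returns for the domain matching the recreated Route 53 hosted zone, and CAA records not blocking ACM). This is an added example, not code from re:Post or AWS; the domain names, name servers and record values in it are constructed, and the live `dig`/`aws` invocations in the comments are assumptions about how you would feed it real data.

```shell
#!/bin/sh
# Offline-testable checks for the two DNS problems called out above.
# Domain names, name servers and record values below are constructed samples.

# Normalise a list of hostnames (any whitespace-separated): lowercase,
# strip the trailing dot dig prints, drop blanks, sort and de-duplicate.
normalize_ns() {
  printf '%s\n' "$1" | tr -s '[:space:]' '\n' | tr 'A-Z' 'a-z' \
    | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Returns 0 when the NS set the public DNS returns for the domain is exactly
# the NS set of the Route 53 hosted zone; 1 when the delegation is stale
# (typical after the zone was deleted and recreated: the new zone gets new
# name servers, but the registrar still publishes the old ones).
ns_delegation_matches() {
  public_ns="$(normalize_ns "$1")"
  zone_ns="$(normalize_ns "$2")"
  [ -n "$zone_ns" ] && [ "$public_ns" = "$zone_ns" ]
}

# Given `dig +short CAA <domain>` output (lines like: 0 issue "letsencrypt.org"),
# returns 0 when ACM's CAs may issue: no CAA records at all, or an
# issue/issuewild entry naming one of the CA domains Amazon uses.
# Caveat: CAA is inherited, so when the domain has no CAA records the nearest
# ancestor that has them governs; run this on each ancestor as well.
caa_allows_acm() {
  if [ -z "$(printf '%s' "$1" | tr -d '[:space:]')" ]; then
    return 0
  fi
  printf '%s\n' "$1" | grep -Eiq \
    'issue(wild)?[[:space:]]+"(amazon\.com|amazontrust\.com|awstrust\.com|amazonaws\.com)"'
}

# Live usage (needs network and AWS credentials; example.com and the hosted
# zone id are placeholders, the commands are assumed invocations):
#   ns_delegation_matches "$(dig +short NS example.com)" \
#     "$(aws route53 get-hosted-zone --id Z-PLACEHOLDER \
#          --query 'DelegationSet.NameServers' --output text)" \
#     || echo "update the registrar's name servers (glue) to the new zone's NS"
#   caa_allows_acm "$(dig +short CAA example.com)" || echo "CAA blocks ACM issuance"

# Constructed sample: the registrar still publishes the old zone's servers.
OLD_PUBLIC_NS="ns-100.awsdns-12.com. ns-200.awsdns-25.net."
NEW_ZONE_NS="ns-300.awsdns-37.org
ns-400.awsdns-50.co.uk"
ns_delegation_matches "$OLD_PUBLIC_NS" "$NEW_ZONE_NS" \
  && echo "delegation OK" || echo "delegation stale: update glue records"
```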
Found it. Posted the simpler answer in EDIT: question.