The requirement to create a certificate with ACM: you need to create a public hosted zone, not a private hosted zone. By your question, it appears you are trying to create "Request a public certificate." When someone requests an ACM public certificate using DNS validation, ACM provides a CNAME record for each FQDN, and another name (if you have one) that you must add to your DNS configuration to validate your ownership of the domain. Please note, because anyone can create a private DNS zone and put records on it under any domain name, being able to make a change in a private DNS zone doesn't prove public ownership of the domain.
Requesting a private certificate requires the creation of a private certificate authority (CA). To create a private CA, visit AWS Private Certificate Authority.
You can request two types of certificate from ACM:
- Request a public certificate, and
- Request a private certificate
Please visit the following links:
https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
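An added example, not part of the original answer: a pre-flight check that maps each ACM validation CNAME to the most specific public Route 53 hosted zone and flags domains that only a private zone covers. The sample data is constructed in the shape of the boto3 `describe_certificate` and `list_hosted_zones` responses; the zone IDs, domain names and the function name `plan_validation_records` are assumptions.

```python
# Constructed sample data (not real resources), shaped like
# acm.describe_certificate()["Certificate"]["DomainValidationOptions"] and
# route53.list_hosted_zones()["HostedZones"].
VALIDATION_OPTIONS = [
    {"DomainName": "app.example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_abc123.app.example.com.", "Type": "CNAME",
                        "Value": "_def456.acm-validations.aws."}},
    {"DomainName": "db.corp.example", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_aaa111.db.corp.example.", "Type": "CNAME",
                        "Value": "_bbb222.acm-validations.aws."}},
]
HOSTED_ZONES = [
    {"Id": "/hostedzone/ZPUBLICEXAMPLE", "Name": "example.com.",
     "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZPRIVATEEXAMPLE1", "Name": "app.example.com.",
     "Config": {"PrivateZone": True}},
    {"Id": "/hostedzone/ZPRIVATEEXAMPLE2", "Name": "corp.example.",
     "Config": {"PrivateZone": True}},
]

def _covers(zone_name, record_name):
    """True if record_name is the zone apex or a name below it."""
    zone = zone_name.rstrip(".").lower()
    rec = record_name.rstrip(".").lower()
    return rec == zone or rec.endswith("." + zone)

def plan_validation_records(options, zones):
    """Pick the public zone for each validation CNAME; never a private one."""
    plan = []
    for opt in options:
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rr is None:
            continue  # email validation, or record not issued yet
        matches = [z for z in zones if _covers(z["Name"], rr["Name"])]
        public = [z for z in matches if not z["Config"]["PrivateZone"]]
        private = [z for z in matches if z["Config"]["PrivateZone"]]
        # Longest matching public zone name is the most specific one.
        target = max(public, key=lambda z: len(z["Name"]), default=None)
        plan.append({"domain": opt["DomainName"], "record": rr["Name"],
                     "value": rr["Value"],
                     "zone_id": target["Id"] if target else None,
                     "ignored_private_zones": [z["Id"] for z in private],
                     "ok": target is not None})
    return plan

if __name__ == "__main__":
    for row in plan_validation_records(VALIDATION_OPTIONS, HOSTED_ZONES):
        print(row)
```

A row with `ok` set to `False` means the CNAME has no public zone to go into, so the certificate would stay in pending validation until a public zone for that domain exists.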