SSL/TLS Manual Renewal


I recently received this email regarding manually renewing my TLS/SSL cert -

AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. You must take action to ensure that the renewal can be completed before Sep 17, 2022 at 23:59:59 UTC. If the certificate is not renewed and the current certificate expires, your website or application may become unreachable.

To renew this certificate, you must ensure that the proper CNAME records are present in your DNS configuration for each domain listed below. You can find the CNAME records for your domains by expanding your certificate and its domain entries in the ACM console. You can also use the DescribeCertificate command in the ACM API[1] or the describe-certificate operation in the ACM CLI[2] to find a certificate’s CNAME records. For more information, see Automatic Domain Validation Failure in the ACM troubleshooting guide[3].

I have gone and verified that the CNAME records match those on my DNS config for the domain that needs to be updated. Is there any further action that needs to take place? For context: my DNS and certificate were both issued and configured through AWS.

1 Answer

If you have verified that the CNAME is present, check if the CNAME actually resolves / propagated as well. To check for DNS propagation you can use To check for DNS resolution you can use command "nslookup <CNAME record>. If this works, the renewal should get through.

profile picture
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions