Forever pending Certificate Validation

0

Hi,

I'm trying to create a certificate for my domain and have requested the certificate, and since my hosted zone is on Route53, I've clicked on "Create DNS records". But the certificate is still pending after 1 day and is about to time out. The hosted zone is Public. I've checked the records; they are exactly as requested.

asked a year ago, 447 views
3 Answers
1
Accepted Answer

Hey,

1. If dig CNAME +short <CNAME_name> does not return any value, it means your CNAME has not been added or was added to an incorrect hosted zone. Ideally, it returns the CNAME value.

2. You can check your NS name servers/hosted zone by using the command below: dig +trace <domain name>, and verify the name server. Make sure you add your CNAME to the hosted zone whose NS server matches the name server returned by the dig +trace <domain name> command.

AWS
SUPPORT ENGINEER
answered a year ago
EXPERT
reviewed a year ago
    1. dig +trace myeverydata.com returned this. Don't see the name servers ((

    (base) alexandernovoselov@alexanders-mbp ~ % dig +trace myeverydata.com

    ; <<>> DiG 9.10.6 <<>> +trace myeverydata.com
    ;; global options: +cmd
    ;; Received 28 bytes from 192.168.86.1#53(192.168.86.1) in 28 ms

1

Hello.

Can the CNAME record of the verification domain be resolved using the "dig" command?
If the name cannot be resolved, try registering the CNAME record again.
https://repost.aws/knowledge-center/acm-certificate-pending-validation

EXPERT
answered a year ago
EXPERT
reviewed a year ago
EXPERT
reviewed a year ago
  • The dig command returns this.

    (base) alexandernovoselov@alexanders-mbp ~ % dig _a35f656e7b464c8dda2b0cb101c97b49.myeverydata.com

    ; <<>> DiG 9.10.6 <<>> _a35f656e7b464c8dda2b0cb101c97b49.myeverydata.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25580
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;_a35f656e7b464c8dda2b0cb101c97b49.myeverydata.com. IN A

    ;; AUTHORITY SECTION:
    myeverydata.com. 600 IN SOA ns45.domaincontrol.com. dns.jomax.net. 2024070500 28800 7200 604800 600

    ;; Query time: 29 msec
    ;; SERVER: 192.168.86.1#53(192.168.86.1)
    ;; WHEN: Tue Jul 16 12:18:46 BST 2024
    ;; MSG SIZE rcvd: 146

    If I use dig +short _a35f656e7b464c8dda2b0cb101c97b49.myeverydata.com then it returns nothing

  • Also, just recreated CNAME records. Still same problem

  • Since the A record is returned, please check the CNAME record by typing "dig example.com cname".

0

Ok, the problem was in namespaces as suggested. They were still from GoDaddy, while the namespaces for the hosted zone were from AWS. After the change all went well. Thank you

answered a year ago
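
A check for the name-server mismatch that resolved this thread, as an added example that is not part of the original posts: it compares the name servers a domain is delegated to with those of the Route 53 hosted zone, and reads the SOA primary server out of dig output like the one posted above. The function names are hypothetical, and ns46 and the awsdns names in the sample values are constructed.

```shell
# Added example, not from the thread. Inputs are text, so the logic runs offline.
# Live inputs would come from, for example:
#   dig +short NS <domain>
#   aws route53 get-hosted-zone --id <zone-id> \
#     --query 'DelegationSet.NameServers' --output text

# One name server per line: lower-case, trailing dot removed, de-duplicated.
normalize_ns() {
  tr ' \t,' '\n\n\n' | tr '[:upper:]' '[:lower:]' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Print the entries of list $1 that are absent from list $2.
ns_only_in() {
  printf '%s\n' "$1" | while IFS= read -r ns; do
    [ -n "$ns" ] || continue
    printf '%s\n' "$2" | grep -Fxq -- "$ns" || printf '%s\n' "$ns"
  done
}

# check_delegation <delegated NS list> <hosted zone NS list>
# Prints MATCH, MISMATCH (with details) or UNKNOWN; exit status 0 only on MATCH.
check_delegation() (
  delegated=$(printf '%s\n' "$1" | normalize_ns)
  zone=$(printf '%s\n' "$2" | normalize_ns)
  if [ -z "$delegated" ] || [ -z "$zone" ]; then
    echo "UNKNOWN: empty name server list"; exit 2
  fi
  foreign=$(ns_only_in "$delegated" "$zone")
  unused=$(ns_only_in "$zone" "$delegated")
  if [ -z "$foreign" ] && [ -z "$unused" ]; then
    echo "MATCH"; exit 0
  fi
  echo "MISMATCH"
  [ -z "$foreign" ] || printf 'delegated but not in hosted zone: %s\n' $foreign
  [ -z "$unused" ] || printf 'in hosted zone but not delegated: %s\n' $unused
  exit 1
)

# SOA primary name server (MNAME) from dig output, e.g. the AUTHORITY section
# of an NXDOMAIN reply; it names the DNS provider that is actually answering.
soa_mname() {
  awk '$3 == "IN" && $4 == "SOA" { sub(/\.$/, "", $5); print tolower($5); exit }'
}

# Constructed sample values (ns46 and the awsdns names are made up).
SAMPLE_DELEGATED="ns45.domaincontrol.com. ns46.domaincontrol.com."
SAMPLE_ZONE="ns-1.awsdns-01.com ns-2.awsdns-02.net ns-3.awsdns-03.org ns-4.awsdns-04.co.uk"
check_delegation "$SAMPLE_DELEGATED" "$SAMPLE_ZONE" || true
```

A MISMATCH means public resolvers are sent to servers that do not hold the hosted zone's records, so a validation CNAME created there is never served.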
