AWS Amplify - SSL Creation error, CNAMEAlreadyExists

0

I don't even know how to explain this, since even I don't know what might be causing the issue. I've been through everything. Checked everything I have ever used inside and outside AWS.

When creating an SSL certificate for my Amplify app under Domain Management, it always gives me the same error (regardless of whether I delete the app and create a new one):

Something went wrong. Please refer to our troubleshooting guide below to diagnose the issue. After fixing the issue, choose retry below. Error message: One or more of the CNAMEs you provided are already associated with a different resource.

Now I wouldn't create a question on this since there are topics about it, but when I tell you I've tried everything, I literally mean it.

Inside AWS:

CloudFront distributions - I have never used or created one (though I have previously created Amplify apps, and the app before had working SSL), but I checked this just in case because I've read that when you create an Amplify app, it creates a CloudFront distribution for you. As I said, I checked and everything is empty (with the CLI as well).

RDS - Checked this just in case but figured this has nothing to do with it.

Elastic Beanstalk - Never used it; I also checked it and there are 0 environments.

S3 - I've checked both of my S3 buckets, their permissions and policies, but found nothing that would cause an issue with CNAME (I also checked for the static website setting; I am not using that, so that is not the issue). I also deleted both of them for testing, but it was still giving me the same error, so this isn't the issue.

API Gateway - Never used it, but still checked for Domain Settings, and there are none.

AWS ACM - Checked this as well, there are no custom certificates.

Outside AWS:

GitHub - I've connected my repos obviously, but I don't see how GitHub can be an issue here. Just in case, I've deleted everything possible from it, and the issue is still there.

Vercel - Deployed on Vercel, but never used my apex domain from Route 53, so that is not the issue. (Also, just in case, I deleted everything from there as well, and the issue is still there.)

Resend - I've checked for any domain settings on Resend and deleted them, but still get the error.

Cloudflare - Just checked in case if there was something, but guess what, there is nothing there as well.

nslookup (Command Prompt) - When I used nslookup to see where my www. subdomain points, it points correctly to my apex domain, which in theory shouldn't cause an issue, but it does.

Finally, I have reached out to support, but obviously I have to pay to solve this, and I really don't want to and can't do that, so my last resort is asking here. I would appreciate any further help. I know it is very hard to solve an issue like this when I've literally said that I've done everything, but I just don't know what to do; I am out of options. I've spent a week on this issue, 5 to 6 hours a day for 7 days straight, and I am losing my mind.

  • If you can share the name you are failing to create the certificate for, it might be helpful in finding the issue.

PiToN
asked 4 months ago, 264 views
3 Answers
0
Accepted Answer

I solved the issue. You won't believe how.

Today when I checked Amplify I didn't see any apps under "All Apps", even though I had one up and running. I then remembered something that happened a month ago with another disappearing Amplify app, and I wanted to make sure to check all of my apps in all of the regions. To my surprise there were 4 more apps, one of which was already using eu-west-3. For some reason my apps disappeared from the "All Apps" section.

After I deleted all of the apps using AWS CLI, set up a new one and created SSL, it finally worked.

I've researched this and I think it will become a big issue. It's good this happened early, since I remember this started happening when they updated "Gen 2" into the UI.

The issue was apps disappearing from "All Apps" in AWS Amplify. The solution was to delete all of them using AWS CLI, since there was no other way, then create a new one, create SSL again and point it to my main domain.

I would like to thank you Kallu for trying to help me regardless. I really appreciate it, and for this issue, it should be fixed asap, because other people might run into this issue not knowing what is wrong.

PiToN
answered 4 months ago
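
The cross-region check that resolved this, scripted as an added example (not part of the original answer and not AWS tooling): it lists Amplify apps in every region and prints any that still hold a domain association for the given domain. The function names and the `AMPLIFY_REGIONS` override are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: locate Amplify apps, in any region, that still hold a
# custom domain association (apps hidden from the console still show up here).

# Regions to scan. AMPLIFY_REGIONS is this example's own override,
# e.g. AMPLIFY_REGIONS="eu-west-3 us-east-1"; default is every enabled region.
amplify_regions() {
  if [ -n "${AMPLIFY_REGIONS:-}" ]; then
    printf '%s\n' $AMPLIFY_REGIONS
  else
    aws ec2 describe-regions --query 'Regions[].RegionName' --output text | tr '\t' '\n'
  fi
}

# Usage: find_amplify_domain APEX_DOMAIN
# Prints "region app_id app_name domain" for each association that equals
# APEX_DOMAIN or is a subdomain of it.
find_amplify_domain() {
  local domain="$1" region app_id app_name assoc
  for region in $(amplify_regions); do
    # Regions without Amplify, or without access, return an error: skip them.
    aws amplify list-apps --region "$region" \
        --query 'apps[].[appId,name]' --output text 2>/dev/null |
    while read -r app_id app_name; do
      [ -n "$app_id" ] || continue
      [ "$app_id" = "None" ] && continue
      for assoc in $(aws amplify list-domain-associations --region "$region" \
          --app-id "$app_id" --query 'domainAssociations[].domainName' \
          --output text 2>/dev/null </dev/null); do
        case "$assoc" in
          "$domain"|*."$domain")
            printf '%s %s %s %s\n' "$region" "$app_id" "$app_name" "$assoc" ;;
        esac
      done
    done
  done
}

# Run directly as: ./find-amplify-domain.sh example.com
if [ "$#" -gt 0 ]; then find_amplify_domain "$1"; fi
```

Each line of output names an app that can be cleaned up with `aws amplify delete-domain-association --region REGION --app-id APP_ID --domain-name DOMAIN`, or `aws amplify delete-app` if the whole app is stale.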
0

Hmm ... I can see there

www.gameinfiny.com CNAME gameinfiny.com

But gameinfiny.com itself doesn't have any A records and therefore this can not work.

Long ago there was an issue with Amplify wanting to take over the whole domain, and the workaround was to use AWS CLI to register sub-domains like www.gameinfiny.com. Here is what I did for my blog hosted with Amplify.

https://carriagereturn.nl/aws/amplify/static/web/hosting/2019/01/18/amplify.html

When you assign a custom domain for your application, the Amplify Console GUI will always want to take over the whole domain. I had carriagereturn.nl hosted on Route 53 and when I sliced a sub-domain blog.carriagereturn.nl, it wasn’t possible to assign it for the app, as Amplify Console always registers it as carriagereturn.nl. The workaround is to use AWS CLI to assign a sub-domain for the app. Here is an example from AWS Forum showing how to do this. Remember to replace ROOT_DOMAIN, SUB_DOMAIN, APP_ID and BRANCH with your application specific values.

aws amplify --region us-east-1 create-domain-association \
 --app-id APP_ID --domain-name ROOT_DOMAIN \
 --sub-domain-settings "[{\"prefix\": \"SUB_DOMAIN\",\"branchName\": \"BRANCH\"}]"

Not sure if this is true any longer but this was how I was able to get both https://carriagereturn.nl/ and https://www.carriagereturn.nl/ working. In Route53 I have these records

carriagereturn.nl A (alias) d2lw2wdh807aqh.cloudfront.net.
www.carriagereturn.nl CNAME *.d2lw2wdh807aqh.amplifyapp.com.

where d2lw2wdh807aqh is the last part of your Amplify application ARN.

EXPERT
Kallu
answered 4 months ago
  • Tried this, added this record in Route 53:

    www.gameinfiny.com CNAME Simple - No *.d3tyn19imgb745.amplify.app

    Then I ran this in AWS CLI:

    aws amplify --region eu-west-3 create-domain-association
    --app-id APP_ID --domain-name gameinfiny.com
    --sub-domain-settings "[{"prefix": "www","main": "BRANCH"}]"

    It said that it started to create, and then I waited, and after 2-3 minutes it still shows this error:

    Error message: One or more of the CNAMEs you provided are already associated with a different resource.

  • What if you would remove that manually created www CNAME? It also looks to me that the alias record for gameinfiny.com is still missing and now www is pointing to uixie.porkbun.com.

    ;; QUESTION SECTION:
    ;www.gameinfiny.com. IN A

    ;; ANSWER SECTION:
    www.gameinfiny.com. 300 IN CNAME *.d3tyn19imgb745.amplify.app.
    *.d3tyn19imgb745.amplify.app. 300 IN CNAME uixie.porkbun.com.
    uixie.porkbun.com. 60 IN A 52.33.207.7
    uixie.porkbun.com. 60 IN A 44.230.85.241

0

To answer question from first comment:

I am doing it for gameinfiny.com domain.

I choose under "Domain management settings" Add Domain, I type gameinfiny.com, and then I choose configure domain and I put:

https://gameinfiny.com -> Points to main branch
https://www.gameinfiny.com -> Points to main branch

I click Save, then SSL Creation starts. It is successful, then SSL Configuration is in process, which also is correct (checked) and then to the last part Domain Activation it says the given error.

PiToN
answered 4 months ago
