AWS Amplify - SSL Creation error, CNAMEAlreadyExists


I don't even know how to explain this, since even I don't know what might be causing the issue. I've been through everything. Checked everything I have ever used inside and outside AWS.

When creating SSL Certificate for my Amplify App under Domain Management, it just always gives me same error (Regardless of when I delete app and create new one):

Something went wrong. Please refer to our troubleshooting guide below to diagnose the issue. After fixing the issue, choose retry below. Error message: One or more of the CNAMEs you provided are already associated with a different resource.

Now I wouldn't create a question on this since there are topics about it, but when I tell you I've tried everything, I literally mean it.

Inside AWS:

CloudFront distributions - I have never used or created one (Though I have previously created Amplify Apps and App before had working SSL) but I checked this just in case because I've read that when you create Amplify App, it creates CloudFront for you, but as I said, I checked and everything is empty (With CLI as well)

RDS - Checked this just in case but figured this has nothing to do with it.

Elastic Beanstalk - Never used it and also checked it and there are 0 enviroments.

S3 - Now I've checked my both S3 Buckets, permissions and policies but nothing to cause issue with CNAME (Also checked for Static Website thing, I am not using that so to answer, that is not the issue). Also I deleted both of them for testing but still was giving me same error, so this isn't an issue.

API Gateway - Never used it, but still checked for Domain Settings, and there are none.

AWS ACM - Checked this as well, there are no custom certificates.

Outside AWS:

Github - I've connected my repos obviously, but I don't see how Github can be an issue here. Just in case I've deleted everything possible from it, issue is still there.

Vercel - Deployed on Vercel, but never used my apex domain from Route 53, so that is not the issue. (Also just in case, I deleted everything from there as well, and issue still there).

Resend - I've checked for any domain settings on resend and deleted them but still an error.

Cloudflare - Just checked in case if there was something, but guess what, there is nothing there as well.

nslookup (Command Prompt) - When I used nslookup to see where my www. subdomain points, it points correctly to my apex domain which in theory it shouldn't cause an issue but it does.

Finally I have reached out to support but obviously I have to pay to solve this, but I really don't and can't do that so my last resort is asking here. I would appreciate any further help. I know it is very hard to solve issue like this, when I've literally said that I've did everything but I just don't know what to do, I am out of options. It's been a week solving this issue for 5 to 6 hours only doing this straight for 7 days and I am losing my mind.

  • If you can share what name you are failing to create the certificate, it might be helpful in finding the issue.

asked 4 months ago297 views
3 Answers
Accepted Answer

I solved the issue. You won't believe it how.

Today when I checked Amplify I didn't see any Apps under "All Apps" even when I had one up and running. To my surprise I remembered something that happened a month ago with another disappearing Amplify App and I just wanted to make sure to check all of my apps in all of the regions. To my surprise there was 4 more apps. One which was already using eu-west-3. For some reason my Apps disappeared from "All Apps" section.

After I deleted all of the Apps using AWS CLI and set up a new one and created SSL it finally worked.

I've researched this and I think it will become big issue. It's good this happened early since I remember this started happening when they updated "Gen 2" into UI.

Issue was "Apps" disappearing from "All Apps" in AWS Amplify. Solution was to delete all of them using AWS CLI since there was no other way, and create new one and then create SSL again and point it to my main domain.

I would like to thank you Kallu for trying to help me regardless. I really appreciate it, and for this issue, it should be fixed asap, because other people might run into this issue not knowing what is wrong.

answered 4 months ago

Hmm ... I can see there CNAME

But itself doesn't have any A records and therefore this can not work.

A long ago there was an issue with Amplify wanting to take over the whole domain and work-a-round was to use AWS CLI to register sub-domains like Here is what I did for my blog hosted with Amplify. ]

When you assign custom domain for your application, Amplify Console GUI will always want to take over the whole domain. I had hosted on Route 53 and when I sliced a sub-domain, it wasn’t possible to assign it for app, but Amplify Console always register it as Work-a-round is use AWS CLI to assign a sub-domain for app. Here is an example from AWS Forum showing how to do this. Remember to replace ROOT_DOMAIN, SUB_DOMAIN, APP_ID and BRANCH with your application specific values.

aws amplify --region us-east-1 create-domain-association \
 --app-id APP_ID --domain-name ROOT_DOMAIN \
 --sub-domain-settings "[{\"prefix\": \"SUB_DOMAIN\",\"branchName\": \"BRANCH\"}]"

Not sure if this is true any longer but this was how I was able to get both and working. In Route53 I have these records A (alias) CNAME *

where d2lw2wdh807aqh is the last part of your Amplify application ARN.

profile picture
answered 4 months ago
  • Tried this, added this record in Route 53: CNAME Simple - No *

    Then I ran this in AWS CLI:

    aws amplify --region eu-west-3 create-domain-association
    --app-id APP_ID --domain-name
    --sub-domain-settings "[{"prefix": "www","main": "BRANCH"}]"

    It said that it started to create and then I wait and after 2,3 minutes it still says this error:

    Error message: One or more of the CNAMEs you provided are already associated with a different resource.

  • What if you would remove that manually created www CNAME? It also looks to me that alias record for is still missing and now www is pointing to


    ;; ANSWER SECTION: 300 IN CNAME * * 300 IN CNAME 60 IN A 60 IN A


To answer question from first comment:

I am doing it for domain.

I choose under "Domain management settings" Add Domain, I type, and then I choose configure domain and I put: -> Points to main branch -> Points to main branch

I click Save, then SSL Creation starts. It is successful, then SSL Configuration is in process, which also is correct (checked) and then to the last part Domain Activation it says the given error.

answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions