By using AWS re:Post, you agree to the Terms of Use

DNS validation failing by email


I am getting emails from ACM saying that my certificate is about to expire and couldn't be automatically renewed:

AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. You must take action to ensure that the renewal can be completed before Nov 06, 2020 at 12:00:00 UTC. If the certificate is not renewed and the current certificate expires, your website or application may become unreachable.

However, when I go to ACM in the console, all of the domains on the certificate have "Validation Status: success", so there is nothing to do.

How do I fix this?

1 Answer

The problem was that we had let one of the domains on the certificate lapse. The console still showed all the validation is valid though, which was extremely confusing. When I checked the certificate using the AWS CLI I saw that the lapsed domains were the ones pending validation.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions