new SSL certificate cannot be validated because validation emails are sent to email addresses I don't have access to

0

Hello,

I am stuck. Can you please help?

  1. I own domain <my domain name> and it is under my AWS account.
  2. the emails shown in Route 53 > Registered domains > <my domain name> > Contact Information for the Registrant contact, Admin contact, Tech contact and Billing contact of the domain are all the same: <my personal email address>
  3. when I create a new certificate for the domain (the existing one expires in January 2025), the certificate (shown in AWS Certificate Manager > Certificates > some-certificate-id) lists the following registered owners, none of which I have access to: admin@<my domain name>, administrator@<my domain name>, <certificate-id>@identity-protect.org, hostmaster@<my domain name>, postmaster@<my domain name>, webmaster@<my domain name>
  4. having created the new certificate, it enters into a state in which validation is expected to take place via an email sent to the email addresses listed in (3)
  5. I don't receive any validation emails because I can only receive emails sent to <my personal email address>, but the validation emails are sent to the email addresses in (3), which I don't have access to

How can I arrange for <my personal email address> to be added to (or replace) the emails where AWS sends a validation email for a new certificate? I.e., how can I add <my personal email address> to the list of registered owners shown for a certificate?

I look forward to your advice,

Philip

2 Answers
0

I understand your frustration with the SSL certificate validation process. Let me explain the situation and provide some guidance on how to resolve this issue.

The email addresses you're seeing for certificate validation are standard administrative addresses that AWS Certificate Manager (ACM) uses for domain validation. These are not necessarily real email addresses, but rather predefined addresses that ACM attempts to use for validation purposes.

To resolve this issue, you have a few options:

  1. Email Forwarding: You can set up email forwarding for the administrative addresses (admin@, administrator@, hostmaster@, postmaster@, webmaster@) to your personal Gmail address. This way, when ACM sends validation emails to these addresses, they will be forwarded to your Gmail account.

  2. Use DNS Validation: Instead of email validation, you can use DNS validation for your certificate. This method doesn't require access to email addresses. You would need to add a CNAME record to your domain's DNS settings as specified by ACM.

  3. Update Domain Registration Information: Ensure that your domain registration information is up to date and that privacy protection is not preventing you from receiving emails. For domains purchased through Route 53, privacy protection is enabled by default, which can affect email delivery.

  4. Check for Forwarded Emails: If your domain was purchased from Route 53, the validation emails might be sent to obscured email addresses (like @identity-protect.org). These should be forwarded to the email address you have on file with your domain registrar.

To proceed, I recommend:

  1. Double-check your domain registration details in Route 53 to ensure your personal Gmail address is correctly listed.
  2. Consider setting up email forwarding for the administrative addresses to your personal email.
  3. If possible, opt for DNS validation when requesting a new certificate, as this bypasses the need for email validation entirely.

If you continue to have issues, you may need to contact AWS support for further assistance, as there could be specific account or domain registration issues that require their direct intervention.
Sources
Troubleshoot email validation problems - AWS Certificate Manager
Subject: Issue with Pending Validation for SSL Certificate on AWS | AWS re:Post
Troubleshoot certificate validation - AWS Certificate Manager

answered a year ago
EXPERT
reviewed a year ago
EXPERT
reviewed a year ago
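
An added example for option 2 of the answer above (DNS validation); it is not part of the original answers and is not AWS's own code. It turns the validation records that ACM reports for a certificate into a Route 53 change batch, and lists names that have no CNAME to publish because they use email validation. The function name `validation_change_batch` and all sample domains and record values are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws acm describe-certificate` output.
# Domain names and record values are made up for illustration.
SAMPLE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_3f1c.example.com.", "Type": "CNAME",
                        "Value": "_9ab2.acm-validations.aws."}},
    # Apex and wildcard names are validated by the same CNAME record.
    {"DomainName": "*.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_3f1c.example.com.", "Type": "CNAME",
                        "Value": "_9ab2.acm-validations.aws."}},
    # Email-validated names carry no ResourceRecord.
    {"DomainName": "legacy.example.net", "ValidationMethod": "EMAIL",
     "ValidationStatus": "PENDING_VALIDATION"},
]}}


def validation_change_batch(described, ttl=300):
    """Build a Route 53 change batch for names still awaiting DNS validation.

    Returns (change_batch, skipped); skipped lists names with no CNAME to publish.
    """
    changes, skipped, seen = [], [], set()
    for opt in described["Certificate"].get("DomainValidationOptions", []):
        rec = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rec is None:
            skipped.append(opt["DomainName"])
            continue
        if opt.get("ValidationStatus") == "SUCCESS":
            continue  # already validated, nothing to publish
        key = (rec["Name"].lower(), rec["Type"])
        if key in seen:
            continue  # emit one change per record set
        seen.add(key)
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rec["Name"], "Type": rec["Type"], "TTL": ttl,
            "ResourceRecords": [{"Value": rec["Value"]}]}})
    return {"Comment": "ACM DNS validation", "Changes": changes}, skipped


if __name__ == "__main__":
    batch, skipped = validation_change_batch(SAMPLE)
    print(json.dumps(batch, indent=2))
    print("no DNS record available for:", skipped)
```

The printed batch is in the format accepted by `aws route53 change-resource-record-sets --change-batch`. The record has to be created in the hosted zone that the domain's registered name servers actually point to, otherwise ACM cannot see it.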
0

Hello shibata and thank you for your help.

Having tried deleting the existing certificate (which used email-based validation) and created a new one (which used DNS based validation), and finding that the latter also got stuck waiting for validation, I decided that I wasn't prepared to wait any longer, so I took the nuclear option and migrated the site to a different domain, where creating a certificate with DNS-based validation worked fine!

Philip

answered a year ago