Request a public certificate


I am trying to get a free SSL/TLS certificate, I followed the process duly and made sure my domain is valid. However, I'm still not getting any validation mail.

asked 16 days ago32 views
2 Answers

You maybe use AWS Certificate Manager to get SSL/TLS certificate.
There are two kinds of domain validation methods such as DNS and e-mail validation in AWS Certificate Manager. and it is more convenient to use the DNS validation method to maintain ACM certificates If you can access your DNS service such as Amazon Route53 because it needs less periodical human work to extend the certificates once required records are added.

If you still need to use the e-mail validation method, you should check the pre-defined eight administrative e-mails addresses below:

  • administrator@your_domain_name
  • hostmaster@your_domain_name
  • postmaster@your_domain_name
  • webmaster@your_domain_name
  • admin@your_domain_name
  • "Domain registrant" email address in the WHOIS database for your domain
  • "Technical contact" email address in the WHOIS database for your domain
  • "Administrative contact" email address in the WHOIS database for your domain

"your_domain_name" means your domain name such as "" except if you request an ACM certificate for a domain name that begins with www or a wild-card asterisk (*), ACM removes the leading www or asterisk and sends the email to the administrative addresses.

You should also understand if you use AWS CLI or API directly, a validation email will be sent to "" but if you use AWS Management Console to request an AWS certificate, it will check MX records on behalf of you and this means that it will find MX record for subdomains recursive manner.
For example, if you requested an AWS certificate for the domain "" and if there is an MX record in only, AWS Certificate will check "" and then "" to find MX record, and finally it will send a validation e-mail to "" which is the e-mail address with the domain that is the first sub domain which has MX record. If there is no MX record for all sub-domains, it will send the e-mail to the original domain address "*"

I recommend reading this document below for more details.

profile picture
answered 16 days ago

Where is your domain hosted? Is it on Route 53 or some other 3rd party website? Have you tried manual domain validation? wherein you have to create the CNAME record in your DNS management and that would take sometime to validate.

profile picture
answered 16 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions