You may be using AWS Certificate Manager to get an SSL/TLS certificate.
There are two kinds of domain validation methods in AWS Certificate Manager: DNS validation and e-mail validation.
It is more convenient to use the DNS validation method to maintain ACM certificates if you can access your DNS service, such as Amazon Route 53, because it needs less periodic human work to extend the certificates once the required records are added.
If you still need to use the e-mail validation method, you should check the eight pre-defined administrative e-mail addresses below:
- administrator@your_domain_name
- hostmaster@your_domain_name
- postmaster@your_domain_name
- webmaster@your_domain_name
- admin@your_domain_name
- "Domain registrant" email address in the WHOIS database for your domain
- "Technical contact" email address in the WHOIS database for your domain
- "Administrative contact" email address in the WHOIS database for your domain
"your_domain_name" means your domain name, such as "sub1.sub2.domain-name.com". The exception is when you request an ACM certificate for a domain name that begins with www or a wildcard asterisk (*): ACM removes the leading www or asterisk and sends the email to the administrative addresses.
You should also understand that if you use the AWS CLI or API directly, a validation email will be sent to "@sub1.sub2.domain-name.com", but if you use the AWS Management Console to request an AWS certificate, it will check MX records on your behalf, which means that it will look for an MX record for the subdomains in a recursive manner.
For example, if you requested an AWS certificate for the domain "sub1.sub2.domain-name.com" and there is an MX record for sub2.domain-name.com only, AWS Certificate Manager will check "sub1.sub2.domain-name.com" and then "sub2.domain-name.com" to find an MX record, and finally it will send a validation e-mail to "@sub2.domain-name.com", the e-mail address of the first subdomain that has an MX record. If there is no MX record for any of the subdomains, it will send the e-mail to the original domain address "*@sub1.sub2.domain-name.com".
I recommend reading this document below for more details. https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-email-validation.html#troubleshooting-no-mail
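The address selection described in the answer above, modelled offline as an added example (not part of the original answer and not AWS code), so you can list which mailboxes would be able to approve a certificate request. The function names and the MX data are constructed for illustration, stopping the upward walk at the last two labels is an assumption, and the three WHOIS contact addresses are not modelled.

```python
# Model of ACM e-mail validation address selection as described in the answer.
# Hypothetical helper names; MX data is passed in, no DNS lookups are made.

COMMON_LOCAL_PARTS = ("administrator", "hostmaster", "postmaster", "webmaster", "admin")


def strip_prefix(domain):
    """Drop a leading 'www.' or wildcard '*.' as the answer says ACM does."""
    name = domain.lower().rstrip(".")
    for prefix in ("*.", "www."):
        if name.startswith(prefix):
            return name[len(prefix):]
    return name


def mail_domain(requested, mx_domains, via_console):
    """Return the domain part the validation e-mails would be addressed to."""
    base = strip_prefix(requested)
    if not via_console:
        # CLI/API path per the answer: the requested name is used as-is.
        return base
    labels = base.split(".")
    # Console path per the answer: walk up one label at a time and take the
    # first name with an MX record. Assumption: stop once two labels remain.
    for i in range(max(len(labels) - 1, 1)):
        candidate = ".".join(labels[i:])
        if candidate in mx_domains:
            return candidate
    return base  # no MX found anywhere: fall back to the requested name


def validation_recipients(requested, mx_domains, via_console=True):
    """List the five common administrative addresses for a request."""
    domain = mail_domain(requested, mx_domains, via_console)
    return [f"{local}@{domain}" for local in COMMON_LOCAL_PARTS]


if __name__ == "__main__":
    constructed_mx = {"sub2.domain-name.com"}  # constructed sample data
    for console in (True, False):
        print("console" if console else "cli/api",
              validation_recipients("sub1.sub2.domain-name.com", constructed_mx, console))
```

Comparing the two outputs for the same request shows which set of mailboxes needs to exist and be controlled by your team for each request path.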
Where is your domain hosted? Is it on Route 53 or some other third-party website? Have you tried manual domain validation, wherein you have to create the CNAME record in your DNS management? That would take some time to validate.