You maybe use AWS Certificate Manager to get SSL/TLS certificate.
There are two kinds of domain validation methods such as DNS and e-mail validation in AWS Certificate Manager. and it is more convenient to use the DNS validation method to maintain ACM certificates If you can access your DNS service such as Amazon Route53 because it needs less periodical human work to extend the certificates once required records are added.
If you still need to use the e-mail validation method, you should check the pre-defined eight administrative e-mails addresses below:
- "Domain registrant" email address in the WHOIS database for your domain
- "Technical contact" email address in the WHOIS database for your domain
- "Administrative contact" email address in the WHOIS database for your domain
"your_domain_name" means your domain name such as "sub1.sub2.domain-name.com" except if you request an ACM certificate for a domain name that begins with www or a wild-card asterisk (*), ACM removes the leading www or asterisk and sends the email to the administrative addresses.
You should also understand if you use AWS CLI or API directly, a validation email will be sent to "@sub1.sub2.domain-name.com" but if you use AWS Management Console to request an AWS certificate, it will check MX records on behalf of you and this means that it will find MX record for subdomains recursive manner.
For example, if you requested an AWS certificate for the domain "sub1.sub2.domain-name.com" and if there is an MX record in sub2.domain-name.com only, AWS Certificate will check "sub1.sub2.domain-name.com" and then "sub2.domain-name.com" to find MX record, and finally it will send a validation e-mail to "@sub2.domain-name.com" which is the e-mail address with the domain that is the first sub domain which has MX record. If there is no MX record for all sub-domains, it will send the e-mail to the original domain address "*@sub1.sub2.domain-name.com"
I recommend reading this document below for more details. https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-email-validation.html#troubleshooting-no-mail
Where is your domain hosted? Is it on Route 53 or some other 3rd party website? Have you tried manual domain validation? wherein you have to create the CNAME record in your DNS management and that would take sometime to validate.
Domain Certificate Validationasked 4 months ago
Email validation in ACM still pending after 12 hours!asked 2 months ago
Request a public certificateasked 16 days ago
My certificate request is taking a long time to validateasked 3 years ago
Certificate Manager: renewal with domain validation fails to renew, expecting CAA recordsasked 2 months ago
ACM certificate won't validate for newly registered domain in Route53asked 7 months ago
Certificate Validation LighSailasked 8 months ago
AWS Certificate Manager Domain Validation Issueasked 8 months ago
HELP, I am not technical, My AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. How can I solve this?asked 9 days ago
ACM certificate for subdomain in different aws account validation stuck in pending validationasked 10 months ago