Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Issuing SSL Certificates For Punycode TLDs (.рф)

0

In AWS Certificate Manager, I am trying to issue a cert for xn--[redacted].xn--p1a (domain.рф), but the request status immediately goes to "❌ Failed" before I even get a chance to add the CNAME record.

The domain has already been added to Route 53, and the nameservers have been set on the registrar. I have followed the same process with no issue with many other domains (including punycode domains!), but this is the first attempt with a punycode TLD (.xn--p1a). https://en.wikipedia.org/wiki/.%D1%80%D1%84

I find nothing in the documentation that disallows certs on xn--p1a domains, but given the immediate failure with no apparent reason, it seems to not be compatible.

Due diligence:

  • The domain has no CAA values.
Topics
Security, Identity, & ComplianceNetworking & Content Delivery
Tags
AWS Certificate ManagerAmazon Route 53Domain Name System (DNS)
Language
English
asked 2 years ago463 views
1 Answer
1

Hello.

I think the answers below are related.
The short answer is that it is currently no longer possible to issue SSL certificates from ACM with Russian TLDs.
So, I think you will need to purchase a certificate from another CA that is not under the control of the US government, as explained in the answer below.
https://repost.aws/questions/QUYz15aV_jQV-UqtCtLtNexw/aws-certificate-manager-acm-certificate-request-fail-verification#ANphXulwBSQgWoPVltKEgp-A

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content