ACM was unable to renew the certificate automatically using DNS validation. Next step verification.


Problem: AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. Site has been running for one year.

Fix: To renew this certificate, you must ensure that the proper CNAME records are present in your DNS configuration for each domain.

My setup:

  • Purchased domain name through GoDaddy
  • GoDaddy pointing at AWS NS
  • Static HTML files hosted in web-enabled S3
  • Using AWS Cloudfronts
  • Using Route52 for hosted Zone
  • Using AWS certificate manager for certs

I found the required CNAME name/value for each of the domains in ACM. I can see the Renewal Status is set to ‘Pending validation’ for each.

Hosted Zone currently includes; A, NS, SOA, records but no CNAME records.

Questions: Is my next step to add these CNAME name/value records to the ‘Records’ section of the Hosted Zone? Are there any changes I should make to the name/value strings, like removing period postfix? Is there anything else I will need to do?

Thank you for any assistance.

1 Answer
Accepted Answer
answered 2 years ago
  • Thank you SeanM. So instead of adding records manually I can just use the 'Create records in Route53' button. Will there be anything else to do ... besides test after some period? The test would be to check on Renewal Status, then also confirm site's cert on the day it was due to expire I assume.

    Thanks again.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions