- Newest
- Most votes
- Most comments
Adding to what @Riku_Kobayashi suggests, it can be seen on https://www.dominios.es/ that the domain was registered last week and that it has four AWS nameservers which looks correct.
But there are not propagating globally https://dnschecker.org/#NS/pseudomedios.es
Using one of the servers that (at time of writing) does give a reply, e.g. the one in New Zealand:
$ dig @122.56.107.86 +noall +nocmd +answer pseudomedios.es ns
pseudomedios.es. 85766 IN NS ns-331.awsdns-41.com.
pseudomedios.es. 85766 IN NS ns-852.awsdns-42.net.
pseudomedios.es. 85766 IN NS ns-1161.awsdns-17.org.
pseudomedios.es. 85766 IN NS ns-1789.awsdns-31.co.uk.
$
But many more don't give a reply, including the likes of Google and CloudFlare:
$ dig @8.8.8.8 +noall +nocmd +answer pseudomedios.es ns
$ dig @1.1.1.1 +noall +nocmd +answer pseudomedios.es ns
$
Until this is fixed your certs won't be able to validate, because ACM validates by querying the public DNS.
Suggest going into the Route 53 public hosted zone and verifying that the NS records are correct. And reducing the TTL value to something small like 300 seconds. Also if you are using DNSSEC then disable it until you get things working.
Hello.
I have confirmed the propagation of NS records on the following sites, but NS records cannot be confirmed in most countries.
https://www.nslookuptool.com/#NS&pseudomedios.es
I suspect that the propagation of NS records was delayed and ACM domain verification failed.
Why not try issuing the certificate after the NS record has been propagated a little more?
https://repost.aws/knowledge-center/acm-certificate-pending-validation
Relevant content
- asked 2 years ago
