By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

BUG: ACM DNS Validation

0

When I request DNS validation in ACM it requires a CNAME like this...

_e9c658db0586a960e37c249b87ba0b12.my.domain.

note the period (dot / full stop) at the end

I then click the button to create the record in Route53 it creates this:

_e9c658db0586a960e37c249b87ba0b12.my.domain

(no dot)

Route53 does not allow me to create a CNAME with a period at the end.

What do I do?

Topics
Networking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon Route 53AWS Certificate ManagerDomain Name System (DNS)
Language
English
Howard
asked 2 months ago138 views
1 Answer
0

Hello.

In Amazon Route 53, the trailing "." in a domain name is optional and is considered the same with or without the trailing ".".
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html

For record types that include a domain name, enter a fully qualified domain name, for example, www.example.com. The trailing dot is optional; Route 53 assumes that the domain name is fully qualified. This means that Route 53 treats www.example.com (without a trailing dot) and www.example.com. (with a trailing dot) as identical.

profile picture
EXPERT
Riku_Kobayashi
answered 2 months ago
  • Howard
    2 months ago

    Ok, my certificate has been pending since yesterday. I figured that was the problem. What else could be wrong?

  • Riku_Kobayashi EXPERT
    2 months ago

    Can I resolve the domain name using the following command? https://repost.aws/knowledge-center/acm-certificate-pending-validation

    dig +short _example-cname.example.com
dig NS example.com

    If you cannot check the NS records, please try checking the NS records using the "whois" command. If the result checked with whois and the NS record registered in Route53 are different, please change it to the NS record checked with whois.

    whois example.com
  • Howard
    2 months ago

    Ha ok it looks like the create cname button didn't actually create the cname...

    
➜  ~ dig _e9c658db0586a960e37c249b87ba0b12.intentional.industries CNAME

; <<>> DiG 9.10.6 <<>> _e9c658db0586a960e37c249b87ba0b12.intentional.industries CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37138
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_e9c658db0586a960e37c249b87ba0b12.intentional.industries. IN CNAME

;; AUTHORITY SECTION:
intentional.industries.	900	IN	SOA	ns-1335.awsdns-38.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 302 msec
;; SERVER: fe80::66cc:22ff:fe9a:d4f4%6#53(fe80::66cc:22ff:fe9a:d4f4%6)
;; WHEN: Fri Feb 16 09:23:36 GMT 2024
;; MSG SIZE  rcvd: 170
  • Riku_Kobayashi EXPERT
    2 months ago

    Did you create it from the button "Create recodes in Route53"? a

  • Howard
    2 months ago

    yes I did - I just went through the process again to make sure. I added subdomains api. and www. all three records were created in route53 but still pending validation forever...

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content