SSL Certificate not getting renewed

0

Dear Forum Users,

Can anyone guide me on why my SSL renewal process is not going ahead? I have added the proper records under CNAME under the ACM section, and based on the DNS Checker below, it keeps showing a red cross for the Turkey region, while the rest of the regions show green tick marks. It looks like without that Turkey region validation, ACM will not fully show validated status. Any input will be highly appreciated, as today is the expiry date for my SSL.

https://whatsmydns.me/#CNAME/_acme-challenge.terteel.com

Kind Regards.

2 Answers
1
Accepted Answer

Steps to Troubleshoot and Resolve the Issue:

Check DNS Propagation:

Since you're using a DNS checker tool, verify that the CNAME record for _acme-challenge.terteel.com is correctly propagated globally, especially in the Turkey region. If there's a red cross, it indicates that the CNAME record hasn't propagated correctly to all DNS servers in that region.

Ensure Correct CNAME Record:

Double-check the CNAME record you added in your DNS provider. Ensure that the value matches exactly what ACM provided, including any trailing dots and avoiding any accidental spaces.

TTL Settings:

Review the Time-To-Live (TTL) settings for your DNS records. If the TTL is set too high, it might delay the propagation. Lowering the TTL (e.g., to 300 seconds) temporarily during this process might help speed up propagation.

Manual DNS Check:

Manually query the DNS record using tools like dig or nslookup to check from different geographical regions. This can help pinpoint if the issue is specific to Turkey or just a temporary DNS propagation delay.

Example using dig:

dig _acme-challenge.terteel.com CNAME +short

Compare the output with the expected ACM-provided CNAME target.

DNS Propagation Delays:

Sometimes, DNS propagation can take longer in specific regions due to various reasons like ISP caching or regional DNS server issues. If time permits, waiting a few more hours might resolve the issue.

Alternative Validation Methods:

If the DNS validation is taking too long or failing, you could consider switching to email validation or HTTP validation if your domain setup allows it.

ACM Support Contact:

Given that your SSL certificate is about to expire today, if the issue persists and you cannot resolve it, consider reaching out to AWS Support for urgent assistance. They might be able to provide insights or expedite the validation process.

Temporary SSL Certificate:

If the SSL certificate expires and the validation is still pending, consider using a temporary SSL certificate (e.g., from Let's Encrypt) to avoid downtime, while you continue resolving the ACM validation issue.

EXPERT
answered 2 months ago
EXPERT
reviewed 2 months ago
AWS
EXPERT
reviewed 2 months ago
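
The manual dig check and the "matches exactly" comparison from the answer above, extended here to several resolvers at once. This is an added example, not part of the original answer or any AWS tooling; the function names, the resolver choice and the invocation arguments are assumptions.

```shell
#!/bin/sh
# Added example. Record names, targets and resolver choice are assumptions.

# Lowercase, drop whitespace and one trailing dot, so "Target.Example. "
# and "target.example" compare equal (the trailing-dot/space pitfalls).
normalize() {
  printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Ask one resolver directly, bypassing the local stub resolver and its cache.
lookup_dig() {  # $1 = resolver IP, $2 = record name
  dig +short +time=3 +tries=1 "@$1" "$2" CNAME | head -n 1
}

# check_cname NAME EXPECTED LOOKUP_FN RESOLVER...
# Prints one verdict per resolver; exit status = number of failing resolvers.
# The body is a subshell, so its variables do not leak into the caller.
check_cname() (
  name=$1
  want=$(normalize "$2")
  lookup=$3
  shift 3
  bad=0
  for r in "$@"; do
    got=$(normalize "$("$lookup" "$r" "$name")")
    if [ -z "$got" ]; then
      echo "$r: NO ANSWER"
      bad=$((bad + 1))
    elif [ "$got" = "$want" ]; then
      echo "$r: OK"
    else
      echo "$r: MISMATCH ($got)"
      bad=$((bad + 1))
    fi
  done
  exit "$bad"
)

# Runs only when invoked as: script RECORD_NAME EXPECTED_TARGET
# 8.8.8.8, 1.1.1.1 and 9.9.9.9 are public resolvers (Google, Cloudflare, Quad9).
if [ "$#" -eq 2 ]; then
  check_cname "$1" "$2" lookup_dig 8.8.8.8 1.1.1.1 9.9.9.9
fi
```

A NO ANSWER or MISMATCH from every resolver points at the record itself rather than at one region's cache.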
  • Dear Thanniru: Thanks for your prompt response. My TTL settings were already 300 seconds, but Turkey has kept showing not validated for nearly 1 day now. Also, today when I logged into my ACM console, it doesn't show my certificate, so do you think ACM has now deleted my certificate?

  • Yes, ACM likely deleted your certificate due to the failed DNS validation within the required timeframe. You'll need to request a new certificate in ACM, ensure the CNAME records are correct, and monitor DNS propagation closely.

  • Hi buddy: I just created a new certificate in ACM, and even for this one, the Turkey region is not being resolved :(

    https://whatsmydns.me/#CNAME/*.acme-challenge.terteel.com

    Is it due to my office Wifi or some issue with my wifi settings? And any idea how can I fix this issue?

  • Maybe it's the office Wi-Fi settings. Can you please try once from a personal laptop, buddy?

  • Hi buddy: I have tried from my home wifi too, and still only that Turkey region is giving the issue. I have just recorded my screen to share with you all the steps that I am following, please take a look at it and guide me if I am doing anything wrong? https://we.tl/t-90W33c83C5

0

Hi buddy: I have tried from my home wifi too, and still only that Turkey region is giving the issue. I have just recorded my screen to share with you all the steps that I am following, please take a look at it and guide me if I am doing anything wrong? https://we.tl/t-90W33c83C5

answered a month ago
