By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Lightsail Loadbalancer validate Certificate

0

Hi all, I'm new toward hosting a website for my own knowledge. So i followed some youtube tutorial which worked for that youtuber. But somehow when I create a Load Balancer in Lightsail and also create a certificate, after putting a subdomain.domain.com, the status has been "Attempting to validate your certificate…" which i suspect there's an issue since it been quite awhile. So i am looking for solutions if someone know how to solve this. For additional info: I brought my domain at Hostinger, but i'm not going to use my domain for my instance/work because i may need to use it for others project as well. So that's why i wanted to use only the subdomain with the help of Route 53. But here I am encounter this validating my certificate take too long.

Topics
ComputeNetworking & Content Delivery
Tags
Amazon LightsailAmazon Route 53
Language
English
Nicolas
asked 10 days ago100 views
1 Answer
0

Hi,

For certificate validation, you need to have your registered domain delegating to a DNS zone and then add a CNAME record provided by Lightsail, added to this DNS zone.

So, you have mentioned your domain is registered with Hostinger, but where is your DNS management being done at present? You can use either Lightsail's DNS management OR Route53's DNS management - but best to stick with just one of these i.e. you do NOT want to have both a Lightsail DNS zone and a Route53 hosted-zone - since the domain can only delegate to one of these.

Next you would need to setup records in your DNS zone for both your sub-domain and add the certificate CNAME record. Once all these pieces are correctly linked and AWS is able to verify it, the certificate will get validated.

The steps would be as follows:

  1. Create Lightsail DNS zone OR Route53 hosted-zone (pick one)
  2. Update the Name servers at Hostinger with the name servers provided by Lightsail DNS zone (all further steps assume Lightsail DNS zone, but same can be done instead in Route53 hosted-zone)
  3. Confirm the name server update is successful at Hostinger (if they provide such visibility)
  4. Another way to confirm that name server update is successful, is to run command dig NS <replace-with-your-domain-name> and check that the response lists the name servers you entered that were provided by and match those of Lightsail DNS zone
  5. Add CNAME record to the Lightsail DNS zone for your sub-domain with value as the load-balancer's default endpoint
  6. Add a second CNAME record to the Lightsail DNS zone with name and value as provided by the load-balancer certificate
  7. Confirm first record is correct. One way is to run command dig CNAME <replace-with-your-sub-domain-name> and check that the response lists the load-balancer endpoint (and optionally some IPs)
  8. Confirm second record is correct. One way is to run command dig CNAME <replace-with-name-from-certificate's-validation-record> and check that the response lists the value from the certificate's validation record
  9. Wait few minutes and the certificate should get validated

Thanks.

profile pictureAWS
EXPERT
AWS-SUM
answered 10 days ago
profile picture
EXPERT
Adeleke Adebowale J
reviewed 10 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content