Lightsail - Containers - Certificate Validation Trouble

0

I am struggling with certificate validation. I am using Lightsail's container offering, and having trouble with adding a certificate. I've gone through the following documents:

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-creating-container-services-certificates
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-validating-container-services-certificates

We're using CloudFlare. I'm not sure if we have to do something in Route 53 for this; if we do, it's not called out well.

Here's what I've done:

  1. Added a DNS zone, we'll call it foo.bar.com

  2. Created certificate for www.foo.bar.com, copied out the CNAME name and value (fake examples below):
    NAME: _99f615c816f97e9a75b03f8dd33d4ef6.www.foo.bar.com.
    VALUE: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws.

  3. Went back to DNS zone, tried adding the CNAME record in several ways:

Subdomain: _99f615c816f97e9a75b03f8dd33d4ef6.www
Maps to: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws

Subdomain: _99f615c816f97e9a75b03f8dd33d4ef6.www.foo.bar.com
Maps to: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws

Subdomain: _99f615c816f97e9a75b03f8dd33d4ef6
Maps to: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws

Subdomain: www
Maps to: _a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws

  4. Waited...

The cert never validates.

Edited by: Tigardis on Jul 20, 2021 12:51 PM

asked 3 years ago, 177 views
1 Answer
1

For anyone else out there using Lightsail containers with CloudFlare - this is what worked for me...

  1. Create the certificate request

foo.bar.com (example only)
Record type: CNAME
Name: _d26788eb719c59375c5579553632c805.foo.bar.com.
Value: _44k8a474c783434728fb1tr37ca79b0f.tgpjrkjmjp.acm-validations.aws.

  2. Add the following records to your DNS zone

Record type: CNAME
Subdomain: _d26788eb719c59375c5579553632c805
Maps to: _44k8a474c783434728fb1tr37ca79b0r.tgpjrkjmjp.acm-validations.aws

Record type: CNAME
Subdomain: foo
Maps to: foo-bar-com.1ljucgre6u7xq.us-east-1.cs.amazonlightsail.com

  3. Add the following record to CloudFlare

Record type: CNAME
Name: foo
Target: foo-bar-com.1ljucgre6u7xq.us-east-1.cs.amazonlightsail.com
Proxy Status: DNS Only (grey cloud)

  4. Navigate to foo.bar.com, expect an error at this point because you haven't attached a cert

  5. Check the status of your certificate, it should validate at this point - if it does not, try adding the following record to CloudFlare

Record type: CNAME
Subdomain: _d26788eb719c59375c5579553632c805.foo.bar.com
Maps to: _44k8a474c783434728fb1tr37ca79b0r.tgpjrkjmjp.acm-validations.aws
Proxy Status: DNS Only (grey cloud)

  6. Attach the certificate

  7. Navigate to foo.bar.com once more, and HTTPS should work with your custom domain
answered 3 years ago
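
Added example (not part of the original posts or of AWS documentation): a small Python check for the record-naming problem discussed in this thread, showing which Subdomain entry publishes the name the certificate request expects. It assumes a zone editor that appends the zone name to whatever is typed in the Subdomain field; the function names and resolver answers are constructed, and the record values are the fake ones from the question.

```python
# Added example: NAME/VALUE are the fake values from the question; answers are constructed.
ZONE = "foo.bar.com"
NAME = "_99f615c816f97e9a75b03f8dd33d4ef6.www.foo.bar.com."
VALUE = "_a65a0fedrb2074exde9891b43ce9a4c7.diekrythgu.acm-validations.aws."


def norm(name):
    """DNS names compare case-insensitively; the trailing dot only marks an FQDN."""
    return name.strip().rstrip(".").lower()


def relative_label(record_name, zone):
    """Part of record_name to enter in an editor that appends the zone itself."""
    name, zone = norm(record_name), norm(zone)
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside zone {zone}")
    return name[: -len(zone) - 1]


def published_name(entered, zone):
    """Name that ends up in DNS if the editor appends the zone (assumed behaviour)."""
    return f"{norm(entered)}.{norm(zone)}"


def check(expected_name, expected_value, answers):
    """Classify resolver answers given as (owner, rtype, rdata) tuples."""
    hits = [a for a in answers if norm(a[0]) == norm(expected_name)]
    if not hits:
        return "missing"          # nothing published at the validation name
    cnames = [a for a in hits if a[1].upper() == "CNAME"]
    if not cnames:
        return "not-a-cname"      # the name exists but is served as another type
    if any(norm(a[2]) == norm(expected_value) for a in cnames):
        return "ok"
    return "wrong-target"         # CNAME present, but pointing somewhere else


if __name__ == "__main__":
    print("enter as subdomain:", relative_label(NAME, ZONE))
    # Three of the entries tried in the question, run through the assumed editor.
    for entered in ("_99f615c816f97e9a75b03f8dd33d4ef6.www", NAME, "www"):
        owner = published_name(entered, ZONE)
        print(entered, "->", check(NAME, VALUE, [(owner, "CNAME", VALUE)]))
```

To use it against a live zone, fill the `answers` list from the output of a DNS lookup for the validation name.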
