Not receiving validation email

0

I recently purchased a URL via Route 53. Next, I set up my records. I pointed the URL to my Elastic Beanstalk. Now, I would like to create a certificate through ACM. However, I am not receiving the validation email. My email is accurate and receiving all other AWS emails. Please help.

3 Answers
2
Accepted Answer

I suggest you use DNS validation for the certificate and not emails. DNS validation only requires you to add a CNAME record in your Route 53 hosted zone with the name and value indicated for your certificate request by ACM, and once added, ACM will both issue the certificate and automatically renew it year after year without requiring any manual actions.

Email validation requires manual approval to be granted every time the certificate needs to be renewed, and as you're just observing, there's always a risk of the email not getting delivered.

You can switch to DNS validation by creating a new certificate request in ACM and choosing the DNS validation method. You'll then see the CNAME record(s) to add in the properties of the requested certificate. If your hosted zone is in the same AWS account, there will also be a button in the console that adds the record(s) for you. More detailed instructions are in the documentation: https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html

EXPERT
Leo K
answered a month ago
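The DNS validation step from the accepted answer, as an added example that is not part of the original answer or AWS's own code: it turns an ACM `describe_certificate` response into the Route 53 change batch holding the validation CNAME(s). The sample response, the TTL of 300 and the function names are constructed for illustration, and all names are assumed to live in one hosted zone.

```python
# Constructed sample shaped like an ACM describe_certificate response.
_REC = {"Name": "_constructed1.example.com.", "Type": "CNAME",
        "Value": "_constructed2.acm-validations.aws."}
SAMPLE_RESPONSE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _REC},
    # A wildcard name shares the validation CNAME of its parent domain.
    {"DomainName": "*.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": dict(_REC)},
    # Right after a request, ResourceRecord can be missing for a short time.
    {"DomainName": "api.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION"},
    # Already validated: nothing to add.
    {"DomainName": "www.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "SUCCESS",
     "ResourceRecord": {"Name": "_constructed3.www.example.com.", "Type": "CNAME",
                        "Value": "_constructed4.acm-validations.aws."}},
]}}


def build_validation_change_batch(describe_response, ttl=300):
    """Return (change_batch, waiting): the Route 53 UPSERTs still needed, and
    the domain names whose validation record is not available yet."""
    seen, changes, waiting = set(), [], []
    options = describe_response["Certificate"].get("DomainValidationOptions", [])
    for opt in options:
        if opt.get("ValidationStatus") == "SUCCESS":
            continue
        record = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or record is None:
            waiting.append(opt["DomainName"])  # retry later, or not DNS-validated
            continue
        key = (record["Name"].lower(), record["Value"].lower())
        if key in seen:  # one CNAME can cover several names
            continue
        seen.add(key)
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": record["Name"], "Type": record["Type"], "TTL": ttl,
            "ResourceRecords": [{"Value": record["Value"]}]}})
    return {"Comment": "ACM DNS validation", "Changes": changes}, waiting


def apply_change_batch(hosted_zone_id, change_batch):
    """Write the records with boto3; needs AWS credentials, so it is not run here."""
    if not change_batch["Changes"]:
        return None  # Route 53 rejects an empty change list
    import boto3
    return boto3.client("route53").change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=change_batch)
```

Once the CNAME is in place and stays there, ACM can validate the name at each renewal without anyone reading a mailbox.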
0

Starting June 2024, ACM won't support new email validation through WHOIS contact addresses. It means that it will no longer send domain validation emails to mailboxes associated with WHOIS lookup for issuing email-validated certificates. Going forward, with email-validated certificates, ACM will only send validation emails to the five common system addresses:

administrator@your_domain_name
hostmaster@your_domain_name
postmaster@your_domain_name
webmaster@your_domain_name
admin@your_domain_name

To issue/renew your certificates, you will need to configure and monitor at least one of the five system administrator addresses listed above for the validation email. You can configure your domain to receive the validation email using Amazon WorkMail or Amazon Simple Email Service (Amazon SES) with AWS Directory Service Simple Active Directory (Simple AD). To do this, you may follow the steps listed in the document [2]; there is also a video attached that you can follow. I suppose you haven't yet configured these email addresses, which is why you are unable to receive the validation emails.

References:

  1. https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html
  2. https://repost.aws/knowledge-center/ses-sns-domain-validation-email#
answered a month ago
  • Again, no one should use email validation if they are able to use DNS validation. Anyone obtaining certificates for the domain should be able to use DNS validation. The core benefit is removing the need for human involvement to obtain or renew certificates for names/records for which the DNS records have been added once. Using DNS validation instead of email validation is also Amazon's official recommendation, as stated in this documentation article: https://docs.aws.amazon.com/acm/latest/userguide/domain-ownership-validation.html

0

Yes, ACM recommends using the DNS validation method, as it is a hassle-free approach. However, in some scenarios where the users don't have access to manage the domain's DNS configuration, they try to go for the email validation method.

answered a month ago
