TLS certificate still pending even though domain and name servers are correct in Route 53


Hello,

I am trying to obtain a valid TLS certificate through ACM; however, the certificate is still pending. I registered my domain (let's use example.com as the example) in Route 53, and the 4 name servers under Route 53 > registered domains > example.com > hosted zone details match the 4 name servers in my hosted zone under Route 53 > hosted zone > example.com - under the NS record. Also, I have 3 other records under r 53 > hosted zone > example.com, them being an A record which routes to my S3 bucket, an SOA record which routes to the first name server of the NS record, and a CNAME record with 'record name' of 'www.example.com' and routing to 'example.com'.

I transferred this domain from another host a month ago, and AWS Support told me yesterday that the name servers hadn't transferred over correctly, so yesterday I fixed the name servers in Route 53 > registered domains > example.com > hosted zone details to the name servers that were within r 53 > hosted zone > example.com - under the NS record. Also, I don't think it took 48 hours for the DNS settings to update because they are already updated under Route 53 > registered domains > example.com > hosted zone details.

So the domain and name servers are all correct, and the AWS documentation here says that if all checks out it should take 30 min max to issue a valid certificate. However, it has been almost 24 hours and the certificate for example.com is still pending.

1 Answer
Accepted Answer

You need to make sure the CNAME records have been created in order for ACM to validate the domain. Within the ACM certificate, it will define the CNAME record that needs creating. You have not mentioned you have created this CNAME record!

Also make sure the domain registrar records point to the name servers for this domain.

EXPERT
answered a year ago
EXPERT
reviewed 10 months ago
  • Oh ok I see. I manually added the CNAME records to r 53 > hosted zones > example.com yesterday and now it works! Question though - do I need only one hosted zone for example.com, or do I need a hosted zone both for example.com and www.example.com? I'm asking because within the hosted zone r 53 > hosted zones > example.com I now have 3 CNAME records:

    1. 'record name' is www.example.com with 'value/route to' being example.com
    2. randomcharacters1.example.com routing to randomcharacters2.tftwdmzmwn.acm-validation.aws.
    3. randomcharacters3.www.example.com routing to randomcharacters4.tftwdmzmwn.acm-validation.aws.

    In the hosted zone for r 53 > hosted zones > www.example.com I only have one CNAME record, and I think this CNAME record auto-populated somehow. It just happens to be one of the CNAME records from example.com:

    1. randomcharacters3.www.example.com routing to randomcharacters4.tftwdmzmwn.acm-validation.aws.
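
A check for the point made in the accepted answer, as an added example that is not part of the original thread: it compares the validation CNAMEs ACM asks for against the records actually present in a hosted zone and lists the ones still missing. The two JSON documents are constructed samples shaped like the output of `aws acm describe-certificate` and `aws route53 list-resource-record-sets`; the `_aaa111`-style tokens are placeholders, and the function names are this example's own.

```python
import json

# Constructed sample, shaped like `aws acm describe-certificate` output.
CERT_JSON = """
{"Certificate": {"DomainName": "example.com", "Status": "PENDING_VALIDATION",
 "DomainValidationOptions": [
  {"DomainName": "example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                      "Value": "_bbb222.tftwdmzmwn.acm-validation.aws."}},
  {"DomainName": "www.example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_ccc333.www.example.com.", "Type": "CNAME",
                      "Value": "_ddd444.tftwdmzmwn.acm-validation.aws."}}]}}
"""

# Constructed sample, shaped like `aws route53 list-resource-record-sets` output.
ZONE_JSON = """
{"ResourceRecordSets": [
 {"Name": "www.example.com.", "Type": "CNAME", "TTL": 300,
  "ResourceRecords": [{"Value": "example.com"}]},
 {"Name": "_AAA111.example.com.", "Type": "CNAME", "TTL": 300,
  "ResourceRecords": [{"Value": "_bbb222.tftwdmzmwn.acm-validation.aws"}]}]}
"""

def norm(name):
    # DNS names are case-insensitive and the trailing dot is optional.
    return name.strip().lower().rstrip(".")

def missing_validation_records(cert, zone):
    """Return (domain, name, value) for each ACM validation record not in the zone."""
    present = set()
    for rrset in zone["ResourceRecordSets"]:
        # Alias record sets carry no ResourceRecords list, hence .get().
        for rr in rrset.get("ResourceRecords", []):
            present.add((rrset["Type"], norm(rrset["Name"]), norm(rr["Value"])))
    missing = []
    for opt in cert["Certificate"]["DomainValidationOptions"]:
        rec = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rec is None:
            continue  # email-validated, or record not generated yet
        if (rec["Type"], norm(rec["Name"]), norm(rec["Value"])) not in present:
            missing.append((opt["DomainName"], rec["Name"], rec["Value"]))
    return missing

MISSING = missing_validation_records(json.loads(CERT_JSON), json.loads(ZONE_JSON))
for domain, name, value in MISSING:
    print(f"{domain}: create CNAME {name} -> {value}")
```

With the sample data only the `www.example.com` validation record is reported, since the ordinary `www` CNAME pointing at `example.com` does not count as a validation record.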
