Add certificate CNAME to Route 53 for static website

0

I'm following this tutorial on creating a static website using S3, CloudFront, and Route 53. I've followed all the steps; however, in my Route 53 hosted zone for the website, it hasn't created a CNAME to connect to the certificate (the previous time I followed this tutorial, the CNAME was generated automatically).

I've tried creating the CNAME manually in Route 53 by going through the "Create Record" option; however, I get the error:

Bad request.
(InvalidChangeBatch 400: RRSet of type CNAME with DNS name example.com. is not permitted at apex in zone example.com.)

If I try to visit the website I get the error "DNS_PROBE_FINISHED_NXDOMAIN". Is there another way to add the certificate CNAME to Route 53?

3 Answers
0
Accepted Answer

The problem was I was only adding the CNAME value when trying to add it through Route 53, and instead needed to also add the CNAME name field as well. Once I included both, it let me add the CNAME.

Jacob
answered 2 months ago
0

Follow this guide on how to resolve DNS issues with ACM certificates and Route 53. It seems like the domain name for your certificate is not yet verified, hence you need, as you pointed out, to create the record so it can be verified (see step 1). In step 2 you need to create an alias, not a CNAME, because a CNAME cannot be the root domain (example.com).

  1. Add ACM CNAME Records for Validation:

    • Go to the AWS Certificate Manager (ACM) in the AWS Management Console.
    • Find your certificate request and note the CNAME records listed for domain validation.
    • In Route 53:
      1. Go to the "Hosted zones" section.
      2. Select your domain's hosted zone.
      3. Click on "Create record."
      4. Choose "CNAME" as the record type.
      5. Enter the Name and Value from ACM exactly as provided.
      6. Save the record.
  2. Configure Alias Record for Root Domain:

    • For the root domain (example.com), you need to use an Alias record instead of a CNAME.
    • In Route 53:
      1. Go to the "Hosted zones" section.
      2. Select your domain's hosted zone.
      3. Click on "Create record."
      4. Leave the "Record name" field empty (for the root domain).
      5. Choose "Alias" as the record type.
      6. In the "Alias target" field, select your CloudFront distribution or S3 bucket from the list.
      7. Save the record.
  3. Verify DNS Configuration:

    • Make sure there are no conflicting records.
    • Wait for DNS changes to propagate, which can take a few minutes to several hours.

If issues persist, double-check the ACM validation CNAME records and ensure there are no typos or configuration errors.

AWS
emned
answered 2 months ago
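The two records from steps 1 and 2 above, built as a Route 53 change batch with a local check for the apex CNAME mistake that produced the error in the question (an added example, not code from the tutorial or from any answer). The function names and the sample ACM and CloudFront values are constructed for illustration, and nothing is sent to AWS.

```python
import json

# Fixed hosted zone ID that Route 53 uses for every CloudFront alias target.
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"

def fqdn(name, zone):
    """Expand a console-style record name (empty or relative) to an absolute name."""
    zone = zone.rstrip(".").lower() + "."
    name = name.strip().rstrip(".").lower()
    if not name:
        return zone  # an empty "Record name" means the zone apex
    if name + "." == zone or (name + ".").endswith("." + zone):
        return name + "."
    return name + "." + zone

def acm_validation_cname(zone, acm_name, acm_value, ttl=300):
    """CNAME proving domain control to ACM; Name and Value are copied from ACM."""
    name = fqdn(acm_name, zone)
    if name == fqdn("", zone):
        # Same condition Route 53 rejects with InvalidChangeBatch.
        raise ValueError(f"CNAME {name} is not permitted at apex in zone {zone}")
    if not name.startswith("_"):
        raise ValueError(f"{name} does not look like an ACM validation name")
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": name, "Type": "CNAME", "TTL": ttl,
        "ResourceRecords": [{"Value": acm_value}]}}

def apex_alias(zone, cloudfront_domain):
    """Alias A record at the zone apex that targets a CloudFront distribution."""
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": fqdn("", zone), "Type": "A",
        "AliasTarget": {"HostedZoneId": CLOUDFRONT_ALIAS_ZONE_ID,
                        "DNSName": cloudfront_domain,
                        "EvaluateTargetHealth": False}}}

def build_change_batch(zone, acm_name, acm_value, cloudfront_domain):
    return {"Changes": [acm_validation_cname(zone, acm_name, acm_value),
                        apex_alias(zone, cloudfront_domain)]}

if __name__ == "__main__":
    # Constructed placeholder values, not real ACM or CloudFront output.
    batch = build_change_batch("example.com",
                               "_0123456789abcdef.example.com.",
                               "_fedcba9876543210.acm-validations.aws.",
                               "d111111abcdef8.cloudfront.net.")
    print(json.dumps(batch, indent=2))
```

The printed JSON has the shape that `aws route53 change-resource-record-sets --change-batch` accepts once the placeholders are replaced with the values shown in ACM and CloudFront.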
0

RRSet of type CNAME with DNS name example.com. is not permitted at apex in zone example.com

This could be as simple as you needing to choose a record type of Alias rather than CNAME, since (as the error message suggests) you can't have a CNAME as the zone apex record (e.g. you can have a CNAME for www.example.com but not for plain example.com). https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html

Unlike a CNAME record, you can create an alias record at the top node of a DNS namespace, also known as the zone apex.

If this isn't the problem, can you expand on what you mean by

it hasn't created a CNAME to connect to the certificate

Which step is this in the guide you are following?

Firstly, have you successfully created a certificate in Amazon Certificate Manager, in region us-east-1 (must be this region to work with CloudFront)?

Secondly, have you validated this certificate using DNS? ACM & Route 53 should do almost all of the work for you, creating a TXT record (not a CNAME) whose name started with an underscore followed by a string of random characters.

And thirdly, is this validated certificate associated with your CloudFront distribution?

EXPERT
Steve_M
answered 2 months ago
