By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Certificate Manager Domain Validation Issue

0

Hi,

My validation has timed out at first because of a DNS issue on our DNS provider. We have now resolved this issue from the DNS provider and has provided the right CNAME entry and the entry is reflecting the right record. After retrying the validation however it seems that your side is not properly validating our DNS entry.

doing a dig command on the hostname:

<removed hostname for confidentiality> 600 IN CNAME _f67d857427b98ed6519fc8ebcfe92987.bxmgrlxjqk.acm-validations.aws.

;; AUTHORITY SECTION: bxmgrlxjqk.acm-validations.aws. 900 IN SOA ns-1722.awsdns-23.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

It shows the exact CNAME record that is on the AWS console. I compared the value from my dig and the value on the AWS ACM side with "diff" command and they're exactly the same and identical. I tried checking from different DNS checkers like https://mxtoolbox.com/DNSLookup.aspx and https://dnschecker.org/all-dns-records-of-domain.php and they do show the exact CNAME record.

It's been 3 days now since we are trying to validate the SSL certificate, I tried deleting the certificate from ACM, waited for a few hours to try and clear the cache (if any) from your side, then reentered the ACM certificate records again but to no chance. Can you help check on your side please? Thanks.

Topics
Security, Identity, & Compliance
Tags
AWS Certificate Manager
Language
English
AWS-User-2884939
asked 3 years ago570 views
1 Answer
0

Hi, from your question, it seems that you have setup your DNS records correctly. Have you followed the User Guide on DNS validation to make sure you did not miss a step? https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html Otherwise, the best course of action would be to open a ticket with AWS Support so we can verify the precise DNS entry that is needed. https://docs.aws.amazon.com/awssupport/latest/user/getting-started.html An alternative would be to use Email validation instead of DNS validation. Please see here if you would like to follow this route: https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html Hope this helps you, thanks!

AWS
Vincent_R
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content