AWS Certificate Manager Domain Validation Issue



My validation timed out at first because of a DNS issue on our DNS provider. We have now resolved this issue from the DNS provider and have provided the right CNAME entry, and the entry is reflecting the right record. After retrying the validation, however, it seems that your side is not properly validating our DNS entry.

Doing a dig command on the hostname:

<removed hostname for confidentiality> 600 IN CNAME

;; AUTHORITY SECTION: 900 IN SOA 1 7200 900 1209600 86400

It shows the exact CNAME record that is on the AWS console. I compared the value from my dig and the value on the AWS ACM side with "diff" command and they're exactly the same and identical. I tried checking from different DNS checkers like and and they do show the exact CNAME record.

It's been 3 days now that we have been trying to validate the SSL certificate. I tried deleting the certificate from ACM, waited for a few hours to try and clear the cache (if any) from your side, then re-entered the ACM certificate records again, but to no avail. Can you help check on your side please? Thanks.

asked 2 years ago, 413 views
1 Answer

Hi, from your question, it seems that you have set up your DNS records correctly. Have you followed the User Guide on DNS validation to make sure you did not miss a step? Otherwise, the best course of action would be to open a ticket with AWS Support so we can verify the precise DNS entry that is needed. An alternative would be to use Email validation instead of DNS validation. Please see here if you would like to follow this route: Hope this helps you, thanks!

answered 2 years ago
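An added example, not part of the thread and not AWS tooling: a check of published CNAME lines (dig answer or zone export form) against the name and value ACM displays. Beyond the plain comparison described in the question, it flags the case where a DNS provider's editor appends the zone to a name or value that was entered fully qualified. The function names, the record names and the `placeholder` token are constructed for illustration.

```python
import re

# One record line in dig-answer / zone-file form: owner TTL IN CNAME target
RECORD_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)\s*$", re.IGNORECASE)

def norm(name):
    """DNS names compare case-insensitively; the trailing root dot is optional."""
    return name.strip().rstrip(".").lower()

def parse_cnames(text):
    """Return {owner: target} for each CNAME line; comments and other lines are skipped."""
    records = {}
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            records[norm(m.group(1))] = norm(m.group(2))
    return records

def check_validation_record(expected_name, expected_value, zone, published_text):
    """Classify how the published CNAMEs relate to the record ACM asked for."""
    name, value, zone = norm(expected_name), norm(expected_value), norm(zone)
    records = parse_cnames(published_text)
    if name in records:
        if records[name] == value:
            return "match"
        if records[name] == f"{value}.{zone}":
            return "zone-appended-to-value"  # target was treated as relative
        return "value-mismatch"
    if f"{name}.{zone}" in records:
        return "zone-appended-to-name"       # owner name was treated as relative
    return "missing"

# Constructed sample values (not taken from the thread).
EXPECTED_NAME = "_0123abcd.www.example.com."
EXPECTED_VALUE = "_4567ef01.placeholder.acm-validations.aws."
ZONE = "example.com"
GOOD = ("_0123ABCD.www.example.com. 600 IN CNAME " + EXPECTED_VALUE
        + "\n;; AUTHORITY SECTION:")
DOUBLED_NAME = "_0123abcd.www.example.com.example.com. 600 IN CNAME " + EXPECTED_VALUE
DOUBLED_VALUE = ("_0123abcd.www.example.com. 600 IN CNAME "
                 "_4567ef01.placeholder.acm-validations.aws.example.com.")

if __name__ == "__main__":
    for label, text in [("good", GOOD), ("doubled name", DOUBLED_NAME),
                        ("doubled value", DOUBLED_VALUE)]:
        print(label, "->", check_validation_record(EXPECTED_NAME, EXPECTED_VALUE, ZONE, text))
```

Feed it the answer section from the zone's authoritative name servers rather than a caching resolver, so a stale cached answer is not mistaken for the published record.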
