- Newest
- Most votes
- Most comments
Based on the information provided, there are a few potential reasons why your certificate is still showing a "Pending Validation" status despite your efforts:
-
Time delay: After creating the DNS records, it can take up to 30 minutes for the certificate status to update. If you've recently added the CNAME record, you may need to wait a bit longer for the validation to complete.
-
CAA records: Check if there are any Certification Authority Authorization (CAA) records that might be blocking the certificate issuance. These records can prevent ACM from issuing the certificate even if the DNS validation appears correct.
-
DNS propagation: Although you've successfully added the CNAME record and can see it with the 'dig' command, it's possible that the DNS changes haven't fully propagated across all DNS servers. This can cause a delay in the validation process.
-
Multiple domains: If your certificate covers multiple domain names, ensure that you've added the correct CNAME records for all of them. The certificate won't be issued until all domains are validated.
-
Renewal vs. New certificate: Since you're receiving a renewal email, it's possible that you're looking at a new certificate request instead of the renewal of the existing one. Double-check that you're reviewing the correct certificate in the ACM console.
To address these issues:
- Wait for at least 30 minutes to an hour after adding the DNS records before checking again.
- Verify that there are no CAA records blocking ACM from issuing the certificate.
- Check the CNAME records for all domains covered by the certificate.
- Ensure you're looking at the correct certificate in the ACM console (renewal vs. new request).
If the problem persists after checking these points, you may need to contact AWS support for further assistance, as there could be an underlying issue with the ACM service or your specific account.
Sources
Troubleshoot certificate validation - AWS Certificate Manager
Troubleshoot DNS validation problems - AWS Certificate Manager
AWS Certificate Manager DNS validation - AWS Certificate Manager
CertificateDetail - AWS Certificate Manager
Relevant content
- asked 2 months ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 6 months ago
Yes, that was the issue. The status has now changed to "Success."
Thank you.