When you click “Create records in Route 53” you will be presented with and you can view them in Certificate Manager. The CNAMEs you need to manually create in your DNS zone in Route 53
Create the CNAME records and ACM will issue the certificates in due course.
https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
Wait for some time and try to follow the steps again from the document that you are using. Based on the error, it looks like the AWS backend API which creates the Route53 records is able to find the new Route53 domain you have created. DNS propagation is a complicated thing and could create unknown issues sometimes.
As Gary suggested, you can try to do it manually by going to the Route53 console and creating CNAME records. But after that, use some external tool or the command line to make sure that the records have been updated as expected.
Example: from the ACM console, copy the "CNAME name" and run the command below. It should give the same response as the CNAME value:
$ dig CNAME _acbde15893052715386f6f4823232083f.example-app.com.
Ah, thank you for pointing me towards the dig command. I get a SERVFAIL when I try it, so there must be something fishy going on with the DNS propagation.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32469
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Any ideas on where to start for troubleshooting this?
- Is your Route 53 Zone PUBLIC?
- If you recreated your domain, did you update the GLUE records? As the name servers will be different from last time
When I did this, it creates the records automatically for me in route 53 and I can see that the cname records in route 53 match the ones I can see in ACM. I also tried deleting the old cname record in route 53 and then creating it manually with the values from ACM. Either way, it still doesn't work for me anymore, just getting stuck in pending validation.
The Zone is public. It turns out that the name servers were different, so I've updated them. It says it could take up to 24 hours to propagate changes, so will update on if this fixed it later. Thank you for all the help so far though!
Updating the name servers is what I needed, thanks for the help! Followed directions on this page https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html
Thanks for the update. Happy you have resolved your issue.
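The check that resolved this thread (the registrar's name servers no longer matching the recreated hosted zone's), written out as an added example that is not part of any post above. The sample name servers are constructed; `live_check`, its arguments and the assumption that the domain is registered with Route 53 Domains are assumptions of this example.

```sh
#!/bin/sh
# Added example: find stale delegation behind a SERVFAIL / "pending validation".

# Normalize a whitespace-separated NS list: lowercase, no trailing dot, sorted, unique.
normalize_ns() {
  tr -s ' \t' '\n' | tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Print name servers present in only one list.
#   registrar-only: the domain still delegates to a server outside the hosted zone's set
#   zone-only:      the hosted zone's server is missing from the registrar's delegation
ns_diff() {
  _reg=$(printf '%s\n' "$1" | normalize_ns)
  _zone=$(printf '%s\n' "$2" | normalize_ns)
  for n in $_reg; do
    printf '%s\n' "$_zone" | grep -Fxq -e "$n" || echo "registrar-only: $n"
  done
  for n in $_zone; do
    printf '%s\n' "$_reg" | grep -Fxq -e "$n" || echo "zone-only: $n"
  done
}

# Pull the status field (NOERROR, SERVFAIL, ...) out of dig's header line.
dig_status() {
  sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# Live check; needs dig, the AWS CLI and credentials. Not called automatically.
# Assumption: the domain is registered with Route 53 Domains; with another
# registrar, take the first list from that registrar's console instead.
# usage: live_check <domain> <hosted-zone-id> <ACM "CNAME name">
live_check() {
  reg=$(aws route53domains get-domain-detail --region us-east-1 \
        --domain-name "$1" --query 'Nameservers[].Name' --output text)
  zone=$(aws route53 get-hosted-zone --id "$2" \
        --query 'DelegationSet.NameServers' --output text)
  ns_diff "$reg" "$zone"          # no output means the delegation matches
  dig CNAME "$3" | dig_status     # expect NOERROR once the delegation is fixed
}

# Constructed sample data: registrar still lists two servers of a deleted zone.
SAMPLE_REG="ns-111.awsdns-11.com. ns-222.awsdns-22.net. NS-333.awsdns-33.org. ns-444.awsdns-44.co.uk."
SAMPLE_ZONE="ns-555.awsdns-55.com ns-666.awsdns-66.net ns-333.awsdns-33.org ns-444.awsdns-44.co.uk"
ns_diff "$SAMPLE_REG" "$SAMPLE_ZONE"
```

Any `registrar-only` line means ACM's validation queries are being sent to name servers that do not host the zone, so the validation CNAME is never seen however correct it looks in the Route 53 console.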