
Subject: Issue with Pending Validation for SSL Certificate on AWS

0

Hello,

I am encountering an issue with the SSL certificate validation process for my domain miestacionmeteorologicauy.com (Amazon Issued). The certificate is showing as "Pending Validation" and is marked as "Ineligible," despite having verified the proper delegation of domains.

I have confirmed that both the CNAME record provided by the AWS Certificate Manager and the Route 53 service settings are correctly configured. However, the certificate has been in the "Pending Validation" status for over 72 hours and eventually ends up with a "Certification Failed" error.

Additionally, when I perform an nslookup -type=NS on the domain I purchased from AWS, it returns the following:

Servidor: 192.168.0.1 Address: 192.168.0.1

DNS request timed out. timeout was 2 seconds.

I have successfully used other local domain providers from my country without any issues in the past, so I am not sure why this is happening with AWS.

Could anyone provide guidance on why the certificate validation is not proceeding, and what further steps I might need to take to resolve this?

Thank you for your help!

Hugs to all, it's so important for me!

1 Answer
0

Based on the information you've provided, there are a few potential issues that could be causing your SSL certificate validation to fail for your domain miestacionmeteorologicauy.com. Let's address these one by one:

  1. DNS Resolution: The nslookup result you provided indicates that there might be a problem with your DNS configuration. A timeout suggests that the DNS server is not responding or the domain's nameservers are not properly set up. This could be preventing ACM from validating your domain ownership.

  2. CNAME Record: While you mentioned that you've added the CNAME record provided by AWS Certificate Manager, it's important to double-check that it's exactly as ACM provided it, including any underscores or periods. Some DNS providers may not allow underscores in CNAME values, so if that's the case, you can remove the underscore from the value (but keep it in the name) for validation purposes.

  3. Validation Timeout: ACM typically attempts to validate a domain for up to 72 hours. If validation fails within this period, the certificate status changes to "Validation timed out." In this case, you'll need to request a new certificate after reviewing and correcting any CNAME issues.

  4. Public DNS: ACM requires that the domain records be resolvable over the public internet. If your domain is not publicly addressable or if you're using a private hosted zone, ACM won't be able to validate it.

  5. CAA Records: Check if there are any Certification Authority Authorization (CAA) records that might be blocking the certificate issuance.

To resolve these issues:

  1. Verify your domain's nameserver configuration with your registrar (in this case, AWS Route 53).
  2. Double-check the CNAME record in your DNS settings, ensuring it matches exactly what ACM provided.
  3. If the validation has timed out, request a new certificate through ACM.
  4. Ensure your domain is publicly resolvable.
  5. Check for any CAA records that might be interfering with the validation process.

If after taking these steps you're still experiencing issues, you may need to contact AWS support for further assistance, as there could be specific issues with your account or the domain registration that require their direct intervention.

Remember, DNS changes can take some time to propagate, so allow some time after making any changes before requesting a new certificate validation.

Sources
Troubleshoot certificate validation - AWS Certificate Manager
Troubleshoot DNS validation problems - AWS Certificate Manager
AWS Certificate Manager DNS validation - AWS Certificate Manager
Troubleshoot certificate requests - AWS Certificate Manager

answered a year ago
EXPERT
reviewed a year ago
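The checks listed in the answer above can be run together once the records are collected. This is an added example, not part of the original answer or AWS code: the function names, finding codes, nameservers and record values are constructed for illustration, and the CAA issuer list is the set of Amazon CA domains that ACM documents.

```python
# Offline consistency check for ACM DNS validation prerequisites.
# Collect real inputs with `dig NS`, `dig CNAME`, `dig CAA`, the registrar's
# name server list and the hosted zone's NS record; values here are constructed.

# CAA "issue" values that authorize Amazon to issue a certificate.
AMAZON_CAA = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}

def norm(name):
    """Lower-case a DNS name and drop the trailing dot so names compare equal."""
    return name.strip().lower().rstrip(".")

def caa_allows_amazon(caa_records):
    """caa_records: (flags, tag, value) tuples; no 'issue' record means no restriction."""
    issuers = [norm(v.split(";")[0]) for _, tag, v in caa_records
               if tag.lower() == "issue"]
    return not issuers or any(i in AMAZON_CAA for i in issuers)

def diagnose(registrar_ns, zone_ns, expected_value, published_value, caa_records):
    """Return finding codes; an empty list means the prerequisites are consistent."""
    findings = []
    # The registrar must delegate to the same name servers that host the zone,
    # otherwise the validation CNAME exists but is never reachable publicly.
    if {norm(n) for n in registrar_ns} != {norm(n) for n in zone_ns}:
        findings.append("NS_MISMATCH")
    if published_value is None:
        findings.append("CNAME_MISSING")
    # A leading underscore dropped from the value is tolerated, as the answer notes.
    elif norm(published_value).lstrip("_") != norm(expected_value).lstrip("_"):
        findings.append("CNAME_VALUE_DIFFERS")
    if not caa_allows_amazon(caa_records):
        findings.append("CAA_BLOCKS_AMAZON")
    return findings

# Constructed sample: the registrar points at name servers that differ from the
# hosted zone's, so the CNAME lookup returns nothing and an unrelated CA is pinned.
SAMPLE = dict(
    registrar_ns=["ns-111.awsdns-11.com.", "ns-222.awsdns-22.net."],
    zone_ns=["ns-333.awsdns-33.org.", "ns-444.awsdns-44.co.uk."],
    expected_value="_examplevalue.acm-validations.aws.",
    published_value=None,
    caa_records=[(0, "issue", "letsencrypt.org")],
)

if __name__ == "__main__":
    for code in diagnose(**SAMPLE):
        print(code)
```
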
