Certificate Renewal Still Pending After Updating DNS Records

0

I'm experiencing an issue with the automatic renewal of my AWS Certificate Manager (ACM) certificate. Despite updating the CNAME records in my GoDaddy DNS settings to match those provided by ACM console, the certificate renewal remains pending.

I've verified that the DNS records are correct and have allowed sufficient time for propagation (over 48 hours). However, the ACM console still shows the renewal as pending.

I've checked the following:

  • Verified CNAME records in GoDaddy DNS match those provided by ACM
  • Allowed sufficient time for DNS propagation
  • Checked for any issues with my domain or DNS configuration

Could someone please assist me in troubleshooting this issue or provide guidance on what additional steps I can take to resolve the pending certificate renewal?

asked 5 days ago28 views
2 Answers
1

I'm curious that you say you have:

  • Verified CNAME records in GoDaddy DNS match those provided by ACM
  • Allowed sufficient time for DNS propagation
  • Checked for any issues with my domain or DNS configuration

But you don't mention if you have actually run nslookup against the DNS record you created? If you can't lookup the record and get the expected answer back, then neither will ACM, which is where your problem is.

There are some good suggestions to try in this knowledge document https://repost.aws/knowledge-center/acm-certificate-pending-validation

profile picture
EXPERT
answered 4 days ago
profile picture
EXPERT
reviewed 4 days ago
0

Thank you for providing details about your certificate renewal issue. There are several factors to consider when troubleshooting a pending certificate renewal in AWS Certificate Manager (ACM).

First, it's important to note that the renewal process for DNS-validated certificates can take up to 72 hours. Even though you've waited over 48 hours, it may still be within the expected timeframe. However, if it continues to remain pending beyond 72 hours, further investigation is needed.

Here are some additional steps you can take to troubleshoot the issue:

  1. Double-check that the CNAME records in your GoDaddy DNS settings exactly match the records provided by ACM, including the correct domain name, record name, and record value. Any discrepancies can cause validation issues.

  2. Verify that the CNAME records are publicly resolvable using a DNS lookup tool. This can help confirm that the records are properly propagated and visible to ACM.

  3. Ensure that the certificate is still in use by an AWS service. ACM only automatically renews certificates that are actively being used.

  4. Check if there are any Certification Authority Authorization (CAA) records that might be blocking the renewal. If you have CAA records, make sure they allow issuance from "amazon.com".

  5. In the ACM console, expand the certificate details and check the status of each domain listed. All domains must be successfully validated for the renewal to proceed.

  6. If the certificate status changes to "Validation timed out" after 72 hours, you may need to request a new certificate and go through the validation process again.

If you've verified all these points and the issue persists, it's recommended to contact AWS Support for further assistance. They can provide more specific guidance based on your account and certificate details.

Remember that the managed renewal process is asynchronous, and it can sometimes take several hours for status changes to appear in the ACM console. If all the above steps have been taken and the renewal is still pending, reaching out to AWS Support would be the best next course of action.
Sources
AWS Certificate Manager - Certificate Renewal | AWS re:Post
Troubleshoot managed certificate renewal - AWS Certificate Manager
AWS Certificate Manager DNS validation - AWS Certificate Manager
Problem for CAA certificate renewal in ACM | AWS re:Post

profile picture
answered 5 days ago
profile picture
EXPERT
reviewed 5 days ago
profile picture
EXPERT
reviewed 5 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions