I'm curious that you say you have:
- Verified CNAME records in GoDaddy DNS match those provided by ACM
- Allowed sufficient time for DNS propagation
- Checked for any issues with my domain or DNS configuration
But you don't mention if you have actually run nslookup against the DNS record you created? If you can't look up the record and get the expected answer back, then neither will ACM, which is where your problem is.
There are some good suggestions to try in this knowledge document https://repost.aws/knowledge-center/acm-certificate-pending-validation
Thank you for providing details about your certificate renewal issue. There are several factors to consider when troubleshooting a pending certificate renewal in AWS Certificate Manager (ACM).
First, it's important to note that the renewal process for DNS-validated certificates can take up to 72 hours. Even though you've waited over 48 hours, it may still be within the expected timeframe. However, if it continues to remain pending beyond 72 hours, further investigation is needed.
Here are some additional steps you can take to troubleshoot the issue:
- Double-check that the CNAME records in your GoDaddy DNS settings exactly match the records provided by ACM, including the correct domain name, record name, and record value. Any discrepancies can cause validation issues.
- Verify that the CNAME records are publicly resolvable using a DNS lookup tool. This can help confirm that the records are properly propagated and visible to ACM.
- Ensure that the certificate is still in use by an AWS service. ACM only automatically renews certificates that are actively being used.
- Check if there are any Certification Authority Authorization (CAA) records that might be blocking the renewal. If you have CAA records, make sure they allow issuance from "amazon.com".
- In the ACM console, expand the certificate details and check the status of each domain listed. All domains must be successfully validated for the renewal to proceed.
- If the certificate status changes to "Validation timed out" after 72 hours, you may need to request a new certificate and go through the validation process again.
If you've verified all these points and the issue persists, it's recommended to contact AWS Support for further assistance. They can provide more specific guidance based on your account and certificate details.
Remember that the managed renewal process is asynchronous, and it can sometimes take several hours for status changes to appear in the ACM console. If all the above steps have been taken and the renewal is still pending, reaching out to AWS Support would be the best next course of action.
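The CNAME lookup and CAA checks suggested in the answers above, as an added example (not code from either answer or from AWS). It assumes `dig` is installed, uses hypothetical function names and constructed placeholder record names and tokens, and checks CAA at the zone apex only. It goes one step beyond the answers by also testing whether the zone name was appended to an already fully qualified record name.

```python
import subprocess

# Issuer domains ACM accepts in CAA records; the answer above names "amazon.com".
AMAZON_CAA = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}

def norm(host):
    return host.strip().rstrip(".").lower()

def dig(name, rtype):
    """Public lookup through dig (assumed installed); returns answer lines."""
    out = subprocess.run(["dig", "+short", name, rtype],
                         capture_output=True, text=True, timeout=10).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]

def check_cname(record_name, record_value, zone, lookup=dig):
    """Compare the public CNAME with the name/value pair shown by ACM."""
    answers = [norm(a) for a in lookup(record_name, "CNAME")]
    if norm(record_value) in answers:
        return "ok"
    if answers:
        return "wrong-value"
    # Nothing at the expected name: check whether the zone was appended to an
    # already fully qualified name (_x.example.com.example.com).
    doubled = norm(record_name) + "." + norm(zone)
    if norm(record_value) in [norm(a) for a in lookup(doubled, "CNAME")]:
        return "zone-appended-twice"
    return "not-resolvable"

def caa_allows_amazon(zone, lookup=dig):
    """True if the zone has no issue/issuewild CAA records or one names Amazon."""
    issuers = []
    for rec in lookup(zone, "CAA"):  # dig +short form: 0 issue "amazon.com"
        parts = rec.split(None, 2)
        if len(parts) == 3 and parts[1].lower() in ("issue", "issuewild"):
            issuers.append(parts[2].strip('"').split(";")[0].strip().lower())
    return not issuers or any(i in AMAZON_CAA for i in issuers)

# Constructed sample data (placeholder names and tokens): the CNAME was entered
# fully qualified and the zone got appended again; CAA lists only another CA.
SAMPLE = {
    ("_a1b2c3.example.com.example.com", "CNAME"): ["_d4e5f6.acm-validations.aws."],
    ("example.com", "CAA"): ['0 issue "letsencrypt.org"'],
}

def sample_lookup(name, rtype):
    return SAMPLE.get((norm(name), rtype), [])

if __name__ == "__main__":
    print(check_cname("_a1b2c3.example.com.", "_d4e5f6.acm-validations.aws.", "example.com", sample_lookup))
    print(caa_allows_amazon("example.com", sample_lookup))
```

To check a real certificate, call `check_cname` and `caa_allows_amazon` without the `lookup` argument, passing the CNAME name and value exactly as the ACM console lists them.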