Double subdomain certificate issue.

So, I have a working hosted zone in account "A"; its primary domain name looks like example.com. I created another hosted zone in account "B" for the domain name test.example.com, took the generated NS records from there, and used them to create the NS record in the primary hosted zone (example.com) in account "A". After that, I requested a certificate from AWS ACM in account "B" for the domain name *.test.example.com and validated it by creating the "CNAME" record in the hosted zone of account "B" (test.example.com).

And now the problem: I want to create an "A" record pointing to my ALB, which should look like lb.something.test.example.com (so basically I add two additional subdomain levels within the domain of the hosted zone test.example.com). The redirection works, but the browser complains that the certificate domain name (which is *.test.example.com) and the URL I am trying to request (which is lb.something.test.example.com) are not the same. Even though, if I set the name of the same "A" record in the account "B" hosted zone to just something.test.example.com, the redirection also works and the browser is happy (even though I now request the URL something.test.example.com and the certificate is *.test.example.com).

I know it might not be fully related to AWS Route 53 functionality, but rather to the functionality of the DNS service as a whole, but I would appreciate it if someone would share any documentation or solution on how to achieve what I need.

Thanks

2 Answers

Accepted Answer

Welp, apparently I was just able to use the SANs feature, and it did what I needed: with just one certificate (*.example.com) I covered both *.something-1.example.com and *.something-2.example.com.

To create it via the AWS CLI, use the --subject-alternative-names argument of the aws acm request-certificate command; it is also possible to do it via the AWS web console.

answered a year ago

The wildcard in the certificate will not cover multiple levels. You will need to create another subdomain of something.test.example.com and add *.something.test.example.com to the new certificate, if you want to do DNS verification. You could add the different multi-level subdomains to a certificate and use email verification without adding the various DNS subdomains.

kentrad (AWS EXPERT)
answered a year ago
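Both answers rest on the same rule, so here is one worked example covering both: the single-label wildcard rule that TLS clients apply when matching a hostname against a certificate's subject alternative names (RFC 6125 section 6.4.3: a `*` must be the whole leftmost label and matches exactly one DNS label, never a dot), and how adding a second wildcard SAN such as `*.something.test.example.com` closes the gap the question describes. This is an added example written for this page, not code from AWS, ACM or either answerer; the SAN lists and hostnames are constructed from the names in the thread, and the function names are my own.

```python
"""Hostname-vs-SAN coverage check with the single-label wildcard rule.

Added example for the thread above (not AWS or ACM code). The names below
are constructed from the question and answers; nothing here contacts ACM.
"""


def wildcard_matches(san: str, hostname: str) -> bool:
    """Return True if the SAN entry covers the hostname.

    Implements the common-browser rule: '*' is only valid as the entire
    leftmost label, it matches exactly one label, and it never matches
    the bare parent name (so '*.test.example.com' does not cover
    'test.example.com' or 'lb.something.test.example.com').
    """
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in san:
        return san == hostname           # plain dNSName: exact match only

    san_labels = san.split(".")
    host_labels = hostname.split(".")
    # Wildcard must be the whole leftmost label and appear nowhere else.
    if san_labels[0] != "*" or any("*" in lbl for lbl in san_labels[1:]):
        return False
    # Refuse overly broad patterns like '*.com' (at least two fixed labels).
    if len(san_labels) < 3:
        return False
    # One label for the '*', so label counts must be equal: this is exactly
    # why a second subdomain level falls outside the wildcard.
    if len(san_labels) != len(host_labels):
        return False
    return host_labels[0] != "" and san_labels[1:] == host_labels[1:]


def covered_by(san_list: list[str], hostname: str) -> list[str]:
    """All SAN entries in the certificate that cover the hostname."""
    return [san for san in san_list if wildcard_matches(san, hostname)]


def coverage_report(san_list: list[str], hostnames: list[str]) -> dict[str, list[str]]:
    """Map each hostname to the SAN entries covering it (empty = browser error)."""
    return {host: covered_by(san_list, host) for host in hostnames}


# Constructed from the question: the original single-wildcard certificate.
ORIGINAL_SANS = ["*.test.example.com"]

# Constructed from the second answer: add a wildcard one level deeper
# (requested via --subject-alternative-names on aws acm request-certificate).
FIXED_SANS = ["*.test.example.com", "*.something.test.example.com"]

# Constructed from the accepted answer: one cert, several sibling wildcards.
SIBLING_SANS = ["*.example.com", "*.something-1.example.com", "*.something-2.example.com"]

HOSTS = [
    "something.test.example.com",      # one label under the wildcard: OK
    "lb.something.test.example.com",   # two labels: not covered by *.test.example.com
    "test.example.com",                # the parent itself: not covered either
]

if __name__ == "__main__":
    for label, sans in (("original", ORIGINAL_SANS), ("fixed", FIXED_SANS)):
        print(f"--- {label} certificate: {sans}")
        for host, matches in coverage_report(sans, HOSTS).items():
            print(f"{host:35s} -> {matches or 'NOT COVERED'}")
    print("--- sibling wildcard SANs:", SIBLING_SANS)
    print(coverage_report(SIBLING_SANS, ["a.something-1.example.com", "b.something-2.example.com"]))
```

Running it shows `lb.something.test.example.com` uncovered by the original certificate and covered by `*.something.test.example.com` in the fixed one; note that the fix still does not cover a third level such as `x.lb.something.test.example.com`, so every extra level needs its own SAN, and each wildcard SAN needs DNS validation for the zone it sits in.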
