Hi
As per your problem above, I am assuming that you are not able to see the CREATE RECORDS button in the ACM console.
ACM Console does not display "Create record in Route 53" button --> This is the same link you have shared above.
If you select Amazon Route 53 as your DNS provider, AWS Certificate Manager can interact directly with it to validate your domain ownership. Under some circumstances, the console's Create record in Route 53 button may not be available when you expect it. If this happens, check for the following possible causes.
- On the Validation page, you did not click the down-arrow next to your domain name.
- You are not using Route 53 as your DNS provider.
- You are logged into ACM and Route 53 through different accounts.
- You lack IAM permissions to create records in a zone hosted by Route 53.
- You or someone else has already validated the domain.
- The domain is not publicly addressable.
Suggestions/Recommendations:
You can use DNS validation for the ACM certificates instead of email validation. As far as I remember, the DNS records generated by ACM are always the same if you create the certificate in any AWS account, so once the DNS records are updated, that's all; there is no need to update them again.
- If you do not see the DNS records button, you can try to update the DNS manually, or
- You can automate ACM and DNS validation by using CloudFormation: How to use AWS Certificate Manager with AWS CloudFormation
Hope it works for you. Thank You
After reading more about the issue and listening to GK's suggestions, I decided to drop the whole 'renewal' approach and did the following:
- Created a new certificate (DNS verification)
- Added the provided CNAME name/value via Route 53 to the hosted zone
... after a few seconds, the new certificate was validated.
- I went to my EC2 load balancer and associated the new certificate with https:443
... the new certificate was correctly associated with the https:433.
Thank you GK for your prompt help and kind suggestions
Please accept the above answer if your issue is solved.
Hi,
The certificate in question is (type) Amazon issued. I would like to let AWS recreate it automatically.
I would like to solve this via DNS validation, but I do not know what should be added to the CNAME record to be able to do this.
a) Do I need to manually switch to DNS validation, or is the CNAME check done implicitly even if I have email validation turned on?
b) Should I just put the certificate ID in the CNAME?
c) If not the certificate ID, then what should be added to my zone's records?
d) I do not understand the CloudFormation proposal in the slightest.
e) Would an easy way out also be to create a new public certificate and DNS validate it?
Thanks
Hi
Great, you got the SSL certificate issued. If you would like to know how to add the DNS records, here is some info that can help you. Please check this link: https://aws.amazon.com/premiumsupport/knowledge-center/route-53-validate-acm-certificates/
a) Once a certificate is ISSUED, it is not possible to change it, so instead you can create a new ACM certificate and use DNS validation.
b) No. You need to add the CNAME records you have got exactly as they are. Example screenshot: https://knowledge.amimoto-ami.com/hubfs/Knowledge%20Base%20Import/downloads.intercomcdn.comio19113792531e905dadade1d235a7570cdimage.png
c) You should not add the certificate ID. You need to add the DNS records, because ACM is going to check whether you are the owner of the domain or not. Once the DNS is updated, you need to wait until the DNS has propagated.
d) CloudFormation is a simple way. It will create the ACM certificate and also update the DNS entry, so you don't have to add it manually.
e) It is very simple and not much technical knowledge is required. This YouTube video will help you more: https://www.youtube.com/watch?v=ookzXuMr8eY
Thank You
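The manual path discussed in this thread (taking the CNAME name/value that ACM provides and adding it to the Route 53 hosted zone) can be scripted. The following is an added example, not code from any poster: it turns the output of `aws acm describe-certificate` into a Route 53 change batch. The function name and all sample values are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output.
# Record names and values are placeholders, not real validation tokens.
_RR = {"Name": "_aaa111.example.com.", "Type": "CNAME",
       "Value": "_bbb222.acm-validations.aws."}
SAMPLE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _RR},
    # ACM issues the same record for a wildcard and its apex domain.
    {"DomainName": "*.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _RR},
    # Email-validated domains carry no ResourceRecord at all.
    {"DomainName": "mail.example.org", "ValidationMethod": "EMAIL",
     "ValidationStatus": "PENDING_VALIDATION"},
]}}


def validation_change_batch(describe_output, ttl=300):
    """Return (change_batch, skipped_domains) for Route 53.

    Domains without a DNS validation record (email validation, or the
    record has not been generated yet) are reported in skipped_domains.
    """
    changes, skipped, seen = [], [], set()
    options = describe_output["Certificate"].get("DomainValidationOptions", [])
    for opt in options:
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rr is None:
            skipped.append(opt["DomainName"])
            continue
        key = (rr["Name"].lower(), rr["Value"].lower())
        if key in seen:  # one record can cover several domain names
            continue
        seen.add(key)
        changes.append({
            "Action": "UPSERT",  # idempotent: safe if the record already exists
            "ResourceRecordSet": {
                "Name": rr["Name"], "Type": rr["Type"], "TTL": ttl,
                "ResourceRecords": [{"Value": rr["Value"]}],
            },
        })
    return {"Comment": "ACM DNS validation", "Changes": changes}, skipped


if __name__ == "__main__":
    batch, skipped = validation_change_batch(SAMPLE)
    print(json.dumps(batch, indent=2))
    print("No DNS record available for:", skipped)
```

The printed JSON can be saved to a file and passed to `aws route53 change-resource-record-sets` with `--hosted-zone-id` and `--change-batch file://...`.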