Amplify - SSL setup failed

0

I have two Amplify applications: one with the root domain and www subdomain, which is up and running, and another with app.<rootdomain>.in, which was working fine too. I had to change the Bitbucket repo, so I deleted this application, created a new one and deployed the new repo code. Then I tried to set up the custom domain app.<rootdomain>.in. It provided the CNAME, which I updated in my DNS, and I waited for it to propagate, but I always get:

SSL setup failed One or more aliases specified for the distribution includes an incorrectly configured DNS record that points to another CloudFront distribution. You must update the DNS record to correct the problem. For more information, see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-restrictions (SDK Attempt Count: 1)

I also waited about 48 hours before posting this here. I checked a DNS lookup and the updated CNAME has propagated properly. I could not find any CloudFront distribution to verify the conflict. I tried both the Amplify-managed certificate and an AWS Certificate Manager one, but no luck with either.

Please someone help to find the

1 Answer
0

The issue you're experiencing with SSL setup failure for your Amplify application is likely due to a conflict with existing DNS records or CloudFront distributions. Here are some steps to troubleshoot and potentially resolve the problem:

  1. DNS Configuration: Ensure that the CNAME record for app.<rootdomain>.in is correctly pointing to the new Amplify app's URL. Double-check for any typos or extra spaces in the DNS settings.

  2. CloudFront Distribution Conflict: Although you mentioned not finding any conflicting CloudFront distributions, it's possible that a distribution from your previous app is still lingering. Check all AWS regions for any hidden or forgotten CloudFront distributions that might be associated with your domain.

  3. Certificate Manager: Verify that there are no old or conflicting SSL certificates in AWS Certificate Manager (ACM) for your domain.

  4. DNS Propagation: While you've waited 48 hours, sometimes DNS changes can take longer to fully propagate. Use online DNS lookup tools to check if the CNAME record is visible from different locations globally.

  5. Amplify App Cleanup: Ensure that all traces of the old Amplify app have been removed. Sometimes, deleting an app doesn't fully remove all associated resources.

  6. IAM Permissions: Confirm that your AWS account has the necessary permissions to create and manage CloudFront distributions and ACM certificates.

  7. Route 53 (if applicable): If you're using Route 53, check for any conflicting records in your hosted zone.

  8. Amplify Console: Try removing the custom domain from your Amplify app and then re-adding it. This can sometimes trigger a fresh SSL setup process.

  9. CLI Approach: As an alternative, you could try setting up the custom domain using the Amplify CLI instead of the console, as this might provide more detailed error messages.

If none of these steps resolve the issue, you may need to contact AWS Support for more in-depth troubleshooting, as they can access account-specific information that might reveal the root cause of the problem.

Sources
custom domain SSL Verification fails in Amplify | AWS re:Post
AWS Amplify - SSL Creation error, CNAMEAlreadyExists | AWS re:Post
Amplify custom domain setup issue | AWS re:Post

answered a month ago
  • It worked after deleting the custom domain and recreating it. I presume it was not working earlier because the previously deleted application did not clean up its attached resources immediately. It was a nightmare to have a production application go down like this. I think the @AWS team needs to address this as a priority.
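
The CloudFront and DNS checks from the answer above can be scripted. This is an added example, not part of the original answer or of any AWS tooling. It scans JSON in the shape returned by `aws cloudfront list-distributions` for aliases that claim a hostname, and compares a resolved CNAME target with the one Amplify issued. The sample data, IDs and function names are constructed, and treating a wildcard alias as covering every name under its suffix is an assumption of this sketch.

```python
import json

# Constructed sample shaped like `aws cloudfront list-distributions` output.
# All IDs, domain names and aliases below are made up for illustration.
SAMPLE = json.loads("""
{"DistributionList": {"Items": [
  {"Id": "EXAMPLEID0001", "DomainName": "d111111abcdef8.cloudfront.net",
   "Aliases": {"Quantity": 1, "Items": ["app.example.in"]}},
  {"Id": "EXAMPLEID0002", "DomainName": "d222222abcdef8.cloudfront.net",
   "Aliases": {"Quantity": 2, "Items": ["*.example.in", "example.in"]}},
  {"Id": "EXAMPLEID0003", "DomainName": "d333333abcdef8.cloudfront.net",
   "Aliases": {"Quantity": 0}}
]}}
""")

def norm(name):
    """Lower-case a DNS name and drop whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()

def alias_covers(alias, host):
    """Return 'exact', 'wildcard' or None for how an alias claims host."""
    alias, host = norm(alias), norm(host)
    if alias == host:
        return "exact"
    # Assumption: "*.example.in" covers any name ending in ".example.in".
    if alias.startswith("*.") and host.endswith(alias[1:]):
        return "wildcard"
    return None

def find_alias_conflicts(listing, host):
    """List distributions in the listing whose aliases claim host."""
    items = (listing.get("DistributionList") or {}).get("Items") or []
    hits = []
    for dist in items:
        # "Items" is absent when a distribution has no aliases.
        for alias in (dist.get("Aliases") or {}).get("Items") or []:
            kind = alias_covers(alias, host)
            if kind:
                hits.append({"Id": dist["Id"], "DomainName": dist["DomainName"],
                             "Alias": alias, "Match": kind})
    return hits

def cname_is_stale(resolved_target, expected_target):
    """True when DNS still points somewhere other than the issued target."""
    return norm(resolved_target) != norm(expected_target)

if __name__ == "__main__":
    for hit in find_alias_conflicts(SAMPLE, "app.example.in"):
        print(hit)
```

The listing covers only distributions visible to the account whose credentials produced it, so an empty result does not rule out a conflicting alias elsewhere.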
