By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

SSL/TLS certificate Automatic validation failed. Manual validation required.

0

I have a domain name hosted at Namecheap.com

I created the CNAME records in Namecheap with the values given by the certificate, for

example.com www.example.com

I get the following message

Status: Automatic validation failed. Manual validation required.

example.com Status:SUCCESS

Message: Auto validation failed because no matching DNS zone found in lightsail.

www.example.com Status: PENDING_VALIDATION

Message: Auto validation failed because no matching DNS zone found in lightsail.

I have checked several times that i have entered the correct values. I am assuming until the PENDING_VALIDATION for www.example.com changes to SUCCESS i will still get the message

tatus: Automatic validation failed. Manual validation required.

Topics
ComputeSecurity, Identity, & ComplianceNetworking & Content Delivery
Tags
Amazon LightsailAWS Certificate ManagerDomain Name System (DNS)
Language
English
Gin
asked 3 months ago291 views
3 Answers
1

Hi,

In your DNS management at namecheap, have you created A/CNAME record for www.example.com i.e. does that subdomain actually exist ?

Because otherwise the certificate validation related CNAME record wont be valid without having a real underlying record on the sub-domain.

Thanks.

profile pictureAWS
EXPERT
AWS-SUM
answered 3 months ago
  • Gin
    3 months ago

    Shared answer In Namecheap i have setup 2 CNAME records no A records

    CNAME

    example.com www.example.com using the NAME and VALUE provided by the certificate. The NAME was setup minus the example.com

  • Gin
    3 months ago

    i just created the following for www.example.com

    CNAME www parkingpage.namecheap.com.

  • AWS-SUM EXPERT
    3 months ago

    When I mentioned CNAME/A records for actual subdomain above, I do NOT mean the certificate validation related CNAME records. Certificate related records are separate.

    Once the domain example.com is registered, it exists and dig NS example.com resolves to the name servers delegated for that domain's DNS management.

    But any sub-domain www.example.com does NOT automatically exist. Usually folks add a record to the DNS management such as, www.example.com is a CNAME pointing/redirecting to example.com OR if you have some instance with IP 1.2.3.4, you could add an A record as www.example.com pointing to 1.2.3.4.

    Once the sub-domain record exists in reality, the associated certificate validation related CNAME record will resolve successfully and the domain ownership will get validated for the certificate issuance.

    Here, I don't know what parkingpage.namecheap.com is, I couldn't get it to return any answer in dig nor load in browser -> but if you do and it works, great.

1

Hello.

Is it possible to resolve the name "www.example.com"?
It is possible that the name "www.example.com" was not resolved properly when updating the certificate.

profile picture
EXPERT
Riku_Kobayashi
answered 3 months ago
0

This is what my DNS setting is in namecheap

Namecheap DNS setp

Certificate Status

www.example.com when i run the following dig NS www.example.com points to the same details as example.com

Gin
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content