By using AWS re:Post, you agree to the Terms of Use

Error message: Additional Verification Required / Certificate renewal failed despite proper Route53 setup for verification

0

I have a cert that is pending renewal. Hosted zones supported are all located in Route 53 so it supposed to be a breeze. My website is small and is definitely not really expected to be in Alexa top 1000.

In cert's page on AWS Certificate Manager I observe the "Pending validation" for some domains and one domain is Failed. The failed domain is in .ru zone, I do not know if it matters. Nevertheless, other domains are in .com and .art zones. Help says to post in this forum.

  • Hi Onkami,

    I found your post because I was having a similar issue with my .ru domain.

    Looks like Russian and Belorussian domains have been banned from ACM by a third-party certificate authority that AWS relies on: https://brenik.livejournal.com/7426031.html

1 Answers
0

Hi There,

I understand that you are getting an error "Additional verification required to request certificates for one or more domain names in this request." (.ru domain zone) when validating the domain name to issue the public certificate via ACM.

Please note this error could be the results of one of two things.

1.When the certificate contains a domain that ranks within the Alexa top 1000 websites.[1]

2.Or as of March 10, 2022 ACM has restrictions to issue new certificates for ".ru" domains until further notice.

I see in your case you will no longer be able to issue or renew certificates as your domain falls under the following domains.

.RU
.BY
Бел - Belarus
Рф - Russian Federation
.moscow
.москва - Moscow
.SU - Soviet Union
(http://ru.com/) .RU.COM
.РУС
.RU.NET

All Amazon certificates for these domains will remain functional until expiration, but will not be renewable and no new certificates from these domains will be issued.

The only workaround that would work in your scenario would be to obtain a certificate from a third party that can issue a certificate for your domain, and import the certificate into ACM [2]

I trust the above information is helpful to you.

References: ==============

[1] https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html#failed-additional-verification-required

[2] https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html

Please note that I personally value your feedback, please accept this answer if you find it helpful to you.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions