By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Nameservers in R53?

0

I recently successfully transferred a domain into R53 from another registrar.

Then I went in a created a new hosted zone for the domain (it's a .org domain).

Next, I attempted to create a cert using ACM. The CNAME records were created successfully in the hosted zone, but the cert remains in a pending state, after several hours.

Then, I noticed that the nameservers specified in the register domain were different to those in the NS record in the hosted zone. All the NS entries (in both locations) are AWS. There was never an active site/host for this domain, so there's no existing IP address/hostname to preserve.

Could that be why the cert is pending?

Which set of nameservers is correct?

I am intending on hosting a website at this domain within AWS, hence the need for a cert.

Suggestions on troubleshooting steps, or a solution?

  • AnAdminUser
    2 years ago

    Made sure that the nameservers in the registrar entry matches the NS record in the hosted zone (all 4).

    Cert is still pending.

    Should I removed the created CNAME records, and re-create the cert?

Topics
Networking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon Route 53AWS Certificate Manager
Language
English
AnAdminUser
asked 2 years ago325 views
1 Answer
0

The name servers in the registar need to point to the hosted zone name servers. This is why your cert is not being issued as ACM is unable to resolve the CNAME record. You should update the registar with the new name servers from the hosted zone, then ACM will retry and the cert will be issued eventually.

profile picture
EXPERT
JimmyDqv
answered 2 years ago
  • AnAdminUser
    2 years ago

    I neglected to say that when I noticed the difference in the NS records between the registrar entry and the zone entry, I did copy the zone NS record values into the registrar record.

    Cert is still pending, even thought the validation CNAME records were correctly auto-created.

  • Steve_M EXPERT
    2 years ago

    Have the updated NS records on the registrar's side propagated yet - this may take a while if the TTL is a large figure.

    Check the status of the NS field at https://toolbox.googleapps.com/apps/dig/

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content