"Additional Verification Required" when requesting ACM Certificate


We have tried requesting for ACM certificates however they just seem be waiting for "Pending Validation" despite we using the DNS method to authenticate and the relevant CNAME being added directly to the DNS of the domain within S3 services.

Check attached screenshot!, wherein we can directly create CNAME records within Route 63 screenshot

Please help!

  • Could you use nslookup thru shell/cli console to check if the CNAME name and value are configured successfully and correctly? e.g. nslookup [Record Name] Resp: [CName name] canonical name = [CNAME value with a '.' behind].

  • @Sportobuddy that sounds right at a high level, but what do you mean "within S3 services"?

  • CNAME records added directly from the ACM console (as domain is also registered with AMAZON S3)

2 Answers
Accepted Answer

In addition to the above answer, I would like to add this below:

$whois sportobuddy.com | grep 'Name Server'

I have found your "sportobuddy.com" has four name server with a company other than AWS. In your Route 53 hosted zone, edit NS record, copy all the name servers of record 'NS" of Route 53 and paste those in the other DNS provider Name Server's record, save those, wait a few minute and try agin with ACM.

Option two:

I do understand you have domain name registered with Route 53. Go to Route 53 Dashboard, choose your doamin (sportobuddy.com). On the top right corner, you will see "Add or edit name servers". Follow the previous instructions to edit the name servers.

But it is better, delete ACM's previous certificate even though it was not validated. Please advise the update.

answered 11 days ago
  • Thanks for pointing out the issues and now i have resolved the same successfully.


Looking at your DNS records with dig, it looks like your nameservers are outside AWS i.e. not pointing at Route53. This means that when ACM queries DNS it's looking at your existing DNS data, and not that in Route53 so it can't see the validation details.

You'll either need to copy the records from Route53 to your DNS configuration or tell your DNS configuration to use Route53.

profile picture
answered 12 days ago
  • Thanks for pointing out the issues and now i have resolved the same successfully.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions