
Why is my request for an AWS HTTPS certificate always failing?

0

Ok, I own "tradez.co.nz", purchased it with AWS, have it working with HTTP. It is clear that it is being recognised by AWS. Yet it is not! Every time I request a secure certificate it goes pending for 2 days and fails. I have tried both the DNS and email verification procedures. I have registered the IAM user "admin@tradez.co.nz" yet can't find where to check for any possible verification email. Furthermore, why is the DNS method not working when AWS clearly knows I have the domain with all the DNS set up, otherwise plain HTTP would not be working? Confused.

1 Answer
0

Your issue with obtaining a secure certificate for "tradez.co.nz" through AWS Certificate Manager (ACM) seems to involve several aspects of domain ownership, DNS configuration, and certificate validation. Let's break down the problem and provide some potential solutions:

  1. Domain Ownership and DNS Configuration: While you've purchased the domain through AWS and have HTTP working, this doesn't necessarily mean that AWS automatically recognizes your ownership for SSL/TLS certificate issuance. ACM requires additional verification.

  2. Certificate Validation Methods: ACM offers two validation methods: DNS validation and Email validation.

a) DNS Validation: This method requires you to add a CNAME record to your DNS configuration.

https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html

If DNS validation is failing, ensure that:

  • You have proper permissions to modify DNS records
  • The CNAME record is correctly added to your DNS configuration
  • You're waiting long enough for DNS propagation (can take up to 48 hours)

b) Email Validation: For email validation, ACM sends verification emails to specific addresses associated with your domain.

https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html

  3. IAM User and Email Verification: The IAM user "admin@tradez.co.nz" is not directly related to the certificate validation process. For email validation, ACM sends emails to predefined addresses like:

  • administrator@your_domain_name
  • hostmaster@your_domain_name
  • postmaster@your_domain_name
  • webmaster@your_domain_name
  • admin@your_domain_name

  4. Troubleshooting Steps:

a) Verify Domain Ownership: Ensure that the domain's WHOIS information is up to date and matches your details.

b) Check DNS Configuration: Use the dig command or online DNS lookup tools to verify your DNS records.

c) Review ACM Console: In the ACM console, check the status of your certificate request and look for any error messages.

d) Use AWS CLI: You can use the AWS CLI to get more detailed information about your certificate request:

aws acm describe-certificate --certificate-arn <your-certificate-arn>

e) Contact AWS Support: If all else fails, consider contacting AWS Support for assistance.

By following these steps and consulting the AWS documentation, you should be able to troubleshoot and resolve the issue with your SSL/TLS certificate for "tradez.co.nz".

AWS
answered 11 days ago
EXPERT
reviewed 4 days ago
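
An added example, not part of the answer above and not AWS tooling: it compares the CNAME records that `aws acm describe-certificate` says ACM expects with the records actually published in the zone, and names the failure per domain. The JSON, the published records and the function name `check_validation` are constructed for illustration, and the check goes one step beyond the answer by flagging a record whose name had the zone name appended a second time by the DNS editor.

```python
import json

# Constructed sample in the shape of `aws acm describe-certificate` output
# (all names and tokens are placeholders, not real validation values).
DESCRIBE = json.loads("""
{"Certificate": {"Status": "PENDING_VALIDATION", "DomainValidationOptions": [
  {"DomainName": "example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                      "Value": "_bbb222.acm-validations.aws."}},
  {"DomainName": "www.example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_ccc333.www.example.com.", "Type": "CNAME",
                      "Value": "_ddd444.acm-validations.aws."}},
  {"DomainName": "api.example.com", "ValidationMethod": "EMAIL",
   "ValidationStatus": "PENDING_VALIDATION"}
]}}
""")

# Constructed stand-in for the CNAME records actually published in the zone
# (what `dig +short CNAME <name>` would return for each name).
PUBLISHED = {
    "_aaa111.example.com.example.com.": "_bbb222.acm-validations.aws.",
    "_ccc333.www.example.com.": "_ddd444.acm-validations.aws.",
}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_validation(describe, published):
    """Return {domain: status} for every domain on the certificate request."""
    zone = {norm(k): norm(v) for k, v in published.items()}
    report = {}
    for opt in describe["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rr is None:
            report[opt["DomainName"]] = "not-dns-validated"
            continue
        name, value = norm(rr["Name"]), norm(rr["Value"])
        if zone.get(name) == value:
            report[opt["DomainName"]] = "ok"
        elif name in zone:
            report[opt["DomainName"]] = "wrong-target"
        elif any(k.startswith(name + ".") for k in zone):
            report[opt["DomainName"]] = "zone-name-appended-twice"
        else:
            report[opt["DomainName"]] = "missing"
    return report

if __name__ == "__main__":
    for domain, status in check_validation(DESCRIBE, PUBLISHED).items():
        print(f"{domain}: {status}")
```

Every domain on the request has to report `ok` before ACM can issue the certificate; a single `missing` or `wrong-target` entry keeps the whole request pending.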
