By using AWS re:Post, you agree to the Terms of Use

Unanswered Questions tagged with Domain Name System (DNS)

Sort by most recent
  • 1
  • 2
  • 12 / page

Browse through the questions and answers listed below or filter and sort to narrow down your results.

ACM Certificate issued for an private hosted zone, status stuck on pending validation

Hi, we have a certificate issued by ACM for the domain for renewal, and the status of this certificate is `pending validation`. I tried to add the CNAME record by `Create Records in Route 53`, and it pop as "the record is successfully created". Waited for a day, the certificate is still on `pending validation` status. To give a clear example, naming the domain that needs verification as `api.example.com`. I checked in route53 that there is no CNAME record in the hosted zone "api.example.com", however we have a record in the hosted zone `example.com`. I'm not sure about the relationship of this two domain names. But `api.example.com` is a **private hosted zone ** and `example.com` is a **public hosted zone ** that has the CNAME record we need to add to `api.example.com`. The record in the public hosted zone has CNAME has record name. I have followed [DNS validation](https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html) and [Why is my AWS Certificate Manager (ACM) certificate DNS validation status still pending validation?](https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-pending-validation/?nc1=h_ls) and it's a bit confusing that is this the correct certificate we get for a private hosted zone? Shouldn't we get it from ACM CA? If no, where should I add this record to? I pasted the example below, how do I complete validation for this domain? ![Route 53 Dashboard](/media/postImages/original/IMIGfX3gQFT6OTpL1NG61-3A) ![Certificate](/media/postImages/original/IMj6JK8q3HRdST1BZkFD3cpA)
0
answers
0
votes
26
views
asked 16 days ago

Getting AccessDenied Error Trying to Get Wildcard SSL with Certbot and Route53 Plugin

I have been tasked with setting up Wilcard SSL for some domains. These domains are hosted through AWS Route53. I am using **Certbot** on an **Ubuntu 20.4** machine (we're using Lightsail), where the apps are hosted. I have also installed the Route53 DNS plugin for Certbot. I run this command: ``` sudo certbot certonly --dns-route53 --email '**@**.**' --domain 'mywebsite.rocks' --domain '*.mywebsite.rocks' --agree-tos --non-interactive ``` *Real domains remove for security reasons* I get this error: ``` An error occurred (AccessDenied) when calling the ListHostedZones operation: User: arn:aws:sts::*********:assumed-role/**********/********** is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action ``` Let me explain first how I set up the IAM user in the AWS console. 1. I created a new Policy with this config ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:GetHostedZone", "route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets" ], "Resource": "arn:aws:route53:::hostedzone/WHAT-EVER-MY-ID-IS-HERE" }, { "Effect": "Allow", "Action": "route53:ListHostedZones", "Resource": "*" } ] } ``` *Replacing `WHAT-EVER-MY-ID-IS-HERE` with my actual domain's Hosted Zone ID* 2. I then created a new **IAM User** and during set-up, I attached the above Policy to the user. 3. I then created an **Access Key** for my new User and took note of the `AccessKeyId` and `SecretAccessKey`. This has access to be used programmatically. 4. On the server, I created a config file at `/root/.aws/config` as instructed in the documentation. *I also tried `~/.aws/config`* but as I am using `sudo` the former seemed the preferred location (I could be wrong though, and during my tests, neither worked anyway) And as previously aforementioned, I run the command and get the error. Searched the web high and low for a solution, but cannot find one. Appreciate any help I can get from folk.
0
answers
0
votes
48
views
asked 6 months ago
  • 1
  • 2
  • 12 / page