- 最新
- 投票最多
- 评论最多
Hello,
For a DNS-validated certificate to be renewed, two conditions have to be met:
- The certificate is associated with one of the ACM-integrated services.
- The CNAME record of the certificate is resolvable.
It is important to note that there is a 1:1 relationship between domain names and CNAME records. In other words, if your certificate has three domains in its scope there would be three CNAME records. For the certificate to be renewed, all CNAME records need to be resolvable, something that you can verify with the following command:
dig -t CNAME <CNAME name> +short
If a single CNAME record does not return any output then renewal will fail since all domain names need to be validated, something which can be done only if ACM can query the CNAME records associated with those domain names.
You can see which domains have been validated by calling the DescribeCertificate API against the affected certificate.
I hope this helps but let us know if you have any more questions.
I need more clarity more like step by step way of resolving this issue, please.
相关内容
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前