66

I am trying to set up a few SSL certificates in Amazon Certificate Manager, but I am having trouble getting them verified after adding the CNAME in Namecheap.

Here is an example of the CNAME verification entries at Amazon Certificate Manager

Here is an example of another domain's CNAME entry at Namecheap

If I put the entire value of the Name entry into Host at Namecheap, the verification fails. I also get an error on some long domains I have, as the Name entry exceeds 60 characters.

Can anyone assist with the correct parts needed to verify via DNS using Namecheap?

sigur7
  • The input from the images differs, try to use same input not prefixing it with `http` – nbari Jul 05 '18 at 20:36
  • 10
    Remove the domain name and the final dot, e.g. `_cfff00000.www.example.com` the value on the left is just `_cfff00000.www`. – Michael - sqlbot Jul 05 '18 at 22:11
  • 1
    I voted to close this question because it is not a programming question and it is off-topic on Stack Overflow. Non-programming questions about your website should be asked on [webmasters.se]. In the future, please ask questions like this there. – Stephen Ostermiller Feb 02 '22 at 13:44

7 Answers

84

In the CNAME record enter - _cff0cda88701846cbe7a34cd737378e2 as the host field and - _490287b8f448e2cca3862ebb4a51591.acm-validations.aws in the value field.

Once done wait for at least 1 hour for the changes to reflect.

Community
mdeora
  • 1
    Hello, on NameCheaps site we are given a Record Type field, Host field, and Target field. In this example Record Type field is obviously CNAME. Are you saying that the Host field should be _cff0cda88701846cbe7a34cd737378e2 and the target should be _490287b8f448e2cca3862ebb4a51591.acm-validations.aws.xxxxx? Also does the xxxxx stand for my domain name? So if my domain name was www.blah.com it should be _490287b8f448e2cca3862ebb4a51591.acm-validations.aws.www.blah.com? – skyleguy Oct 04 '18 at 12:31
  • 3
    no you don't need to replace xxx with your domain name, I had added that for if any more extra string for general use case. Now I have updated the answer. You have to enter till .aws only. – mdeora Oct 04 '18 at 13:04
  • 4
    the underscore in the value gives an error - has anybody faced something similar ? – apratimankur Oct 18 '19 at 20:04
  • 4
    @apratimankur https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-DNS-validation.html : simply remove the underscore, and it should still validate – trainface Oct 23 '19 at 01:05
  • 2
    The one below worked for me; I had to add ".www" at the end of the CNAME record or it didn't work – sinofis Jan 31 '20 at 19:18
  • 1
    Solution below (add '.www' at the end) also worked for me :) – Mihail Panayotov Mar 14 '20 at 18:32
59

If anyone is looking for NameCheap DNS record validation for AWS CloudFront SSL validation then please refer to the screenshot below. This NameCheap DNS record validation worked for me as of Jul 2019.

Cname record AWS and NameCheap

zennni
  • This is confusing: I can't edit the value on AWS, so why does the image say "remove domain at the end"? the guids for name and value don't match, so it can't be that – jcollum Dec 08 '19 at 23:30
  • 1
    @jcollum Ah I see, the screenshot was a little confusing. I meant "remove domain at the end" in the DNS record in NameCheap, not in AWS. I have updated the screenshot now. – zennni Jan 16 '20 at 07:01
  • I went through setting up a static site with namecheap recently and they said the `ALIAS,@, [aws url]` record was very important too. I'm recalling that from memory so I could be a little off. Worth bringing up for anyone else who has to go through this. – jcollum Jan 16 '20 at 23:17
  • ok this finally makes sense and I feel silly. When you use xyz.mysite.com in the host field you are actually setting a record for "xyz.mysite.com.mysite.com". – Stoopkid Nov 29 '20 at 20:05
  • 9
    The namecheap website crashes if I try to append .www at the end of the host field. As soon as I type '.' the whole website freezes for some reason. I can't complete my validation this way – Suhas Mar 05 '21 at 08:44
  • 4
    @Suhas The same happened to me, and I solved it by reopening it in firefox and pasting it. It still froze but waiting a little pasted it, but in chrome it always crashed – Vikranth May 20 '21 at 11:04
  • The same applies for SendGrid and other CNAME verifications, as well. – grizzly Jan 02 '23 at 16:37
40

Adding a more complete answer.

Some DNS providers like Namecheap append the bare domain name to the DNS record. In effect, if you add the full record provided from Amazon Certificate Manager like so (replace example.com with your domain):

_cff0cda88701846cbe7a34cd737378e2.example.com

What you'll end up with is

_cff0cda88701846cbe7a34cd737378e2.example.com.example.com

To check if this is the case, after you have added the DNS record, run this command (on Unix)

```
dig +short _cff0cda88701846cbe7a34cd737378e2.example.com.example.com
```

If it returns the CNAME record, you have to omit the domain name from your DNS record so you won't get a duplicate domain name in there. Then run

```
dig +short _cff0cda88701846cbe7a34cd737378e2.example.com
```

You should get the corresponding CNAME record from it. The validation can take up to 48 hours.

Pandemonium
  • 1
    This should be the correct answer since it explains what actually happens in the background. Thanks! – Novus Sep 08 '20 at 00:51
  • 1
    Also most helpful to me - dig is a much faster way to check for correctness than waiting 30 mins for amazon to check it – Cookie Nov 02 '22 at 12:32
  • Fantastic answer. I used `dig` and found that Namecheap as of this writing does exactly what you described. – Asker Jun 26 '23 at 02:48
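The check described in the answer above, as an added shell example that is not part of the original post: it derives the Host value for a registrar that appends the zone name, and uses `dig` to tell a correct record from a doubled one. The function names are hypothetical, `example.com` and the `_cff0…` label are the sample values used on this page, and the 60-character limit is the one reported in the question.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; sample values come from the page.
HOST_MAX=60   # Host length limit as reported in the question (assumption)

# normalize NAME: lower-case it and drop one trailing dot
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# host_field ACM_NAME ZONE: print the Host value to enter when the registrar
# appends ZONE itself. Returns 1 if ACM_NAME does not lie inside ZONE.
host_field() {
    name=$(normalize "$1"); zone=$(normalize "$2")
    case "$name" in
        *".$zone") host=${name%".$zone"} ;;
        *) echo "error: $name is not in zone $zone" >&2; return 1 ;;
    esac
    [ "${#host}" -le "$HOST_MAX" ] ||
        echo "warning: Host is ${#host} chars, over $HOST_MAX" >&2
    printf '%s\n' "$host"
}

# doubled_name ACM_NAME ZONE: the name that gets published if the full
# ACM name was pasted into Host and the registrar appended ZONE again.
doubled_name() {
    printf '%s.%s\n' "$(normalize "$1")" "$(normalize "$2")"
}

# diagnose ACM_NAME ZONE: needs network access and dig; queries both names.
diagnose() {
    good=$(normalize "$1"); bad=$(doubled_name "$1" "$2")
    if [ -n "$(dig +short "$good" CNAME)" ]; then
        echo "ok: CNAME found at $good"
    elif [ -n "$(dig +short "$bad" CNAME)" ]; then
        echo "doubled: CNAME is at $bad; set Host to $(host_field "$1" "$2")"
    else
        echo "missing: no CNAME at $good or $bad (not saved, or not propagated yet)"
    fi
}

# Run as: ./check.sh _cff0cda88701846cbe7a34cd737378e2.example.com. example.com
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```
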
10

Even though AWS includes it, do not include the domain name itself in the CNAME Host field for Namecheap (they apparently append it for you); just chop that off at the end. The value field is fine.

Give it half an hour.

Genovo
3

namecheap.com does now allow a leading underscore in the Value field.

As specified in the AWS docs' Troubleshoot DNS Validation Problems,

you can remove the underscore from the ACM-provided value and validate your domain without it.

In your case, the Value would be:

490287b8f448e2cca3862ebb4a51591.acm-validations.aws.

Where the trailing dot should still be permitted.

Brad Solomon
  • Namecheap does allow leading underscore in the value field, where are you getting your information from? – Joshua Ugba Nov 10 '20 at 15:14
  • @JoshuaUgba By using Namecheap – Brad Solomon Nov 10 '20 at 15:21
  • I created a CNAME record with a leading underscore value and it worked just fine, and it was validated by AWS today. – Joshua Ugba Nov 10 '20 at 16:01
  • @JoshuaUgba Hm, good to know. Perhaps Namecheap started allowing them recently. See https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-DNS-validation.html#underscores-prohibited and the conversation from answer https://stackoverflow.com/a/51208517/7954504 for background – Brad Solomon Nov 10 '20 at 16:30
3

For anyone using a subdomain like - api.example.com.

In the CNAME record enter - _cff0cdhash.api as the host field and - _490287b8f4hash.acm-validations.aws in the value field. As namecheap itself appends example.com to it. I was not able to figure out a way to make it work for www.api.example.com.

Pankaj Tanwar
0

The above worked for me except for the root domain validation; there I had to add the entire string _cff0cda88701846cbe7a34cd737378e2.example.com instead of _cff0cda88701846cbe7a34cd737378e2. for the certificate to be issued. For the others, _cff0cda88701846cbe7a34cd737378e2.www was enough. Hope it helps. Just did this today.