4

I'm trying to request a certificate using AWS Certificate Manager. I'm using Route 53 for DNS. I go through all of the steps, and use the "Create record in Route 53" button to create the CNAME record automatically. I have double-checked the CNAME record in Route 53 to make sure it is the same one that ACM expects. After doing all of this, the DNS validation times out.

I have tried this multiple times with the same result. I barely know how to use dig so I'm kind of lost on how to troubleshoot this. Thanks.

Max Paymar
  • 588
  • 1
  • 7
  • 23

3 Answers

1

I was facing a similar issue, where I copied the whole "name" of the CNAME record (from the AWS Certificate Manager) to the DNS configuration for my domain, and waited a whole day without any success. Then, after reading "Michael - sqlbot"'s answer here, I removed the .example.com from _9022ecb910c52234234234234232xxxx.example.com in my domain's DNS configuration, and Amazon Certificate Manager issued the certificate within about the next 30 minutes.

Hope you are not making the same mistake :-)

Afshar
  • 262
  • 3
  • 10
  • Hi - thanks for your reply. I'm using the "Create Record in Route 53" button after creating the certificate, so AWS creates the record for me. I double-checked and it's not using .example.com. I tried using dig to troubleshoot and I'm getting this response for querying the CNAME record (and A record, for that matter): `id 60031 opcode QUERY rcode SERVFAIL flags QR RD RA ;QUESTION maxpaymar.com. IN CNAME ;ANSWER ;AUTHORITY ;ADDITIONAL` – Max Paymar Jan 06 '19 at 05:44
  • I am not an expert in using dig, but there are two things that I can see in the response you get from dig that indicate a problem. 1. `rcode SERVFAIL` - I get `rcode NOERROR`. 2. `;QUESTION maxpaymar.com. IN CNAME ; ANSWER ` whereas what I get is: `;QUESTION www.mydomain.com. IN CNAME ;ANSWER www.mydomain.com. 3599 IN CNAME d2xxw7xx19mpsi.cloudfront.net.` – Afshar Jan 06 '19 at 07:04
1

When I switched my domain from GoDaddy to AWS, the name server records did not automatically update. I thought they would, but I actually had to change them manually from the AWS console.

Max Paymar
  • 588
  • 1
  • 7
  • 23
  • 1
    Can you describe how you found the correct Amazon DNS record, for those of us who may be having the same problem? – NickC Nov 25 '20 at 14:04
1

I had registered a domain with Route 53 and was facing a similar issue when I deleted my website's hosted zone.

The CNAME record in Route 53 was exactly as it was in ACM (no extra strings, whitespaces, etc.)

The issue was in Route 53 - the name servers associated with the registered domain were different from the name servers associated with the hosted zone.

I fixed this issue by:

  1. Deleting and re-creating the hosted zone.
  2. Replacing the NS values in the registered domain with the NS values from the newly created hosted zone.
  3. Creating a certificate in Certificate Manager with the domain name matching the one specified in the Route 53 hosted zone.
  4. Creating a Route 53 record from the Certificate Manager wizard (which is step 5 in the wizard).
Saurabh
  • 5,176
  • 4
  • 32
  • 46
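The two causes the answers above point at (a validation CNAME whose owner name got the zone suffix appended twice, and registrar NS records that no longer match the hosted zone's NS set, which shows up as the `SERVFAIL` in the question's dig output) can be checked before opening a support case. The script below is an added example, not code from the question or any of the answers; the domain, token and `awsdns` server names in it are constructed placeholders, and `dig_short` assumes `dig` is installed.

```python
import subprocess
from typing import Optional

def normalize(name: str) -> str:
    """DNS names compare case-insensitively and with or without the trailing dot."""
    return name.strip().lower().rstrip(".")

def parse_dig_short(output: str) -> set:
    """Turn `dig +short` output (one record per line) into a normalized set."""
    return {normalize(line) for line in output.splitlines() if line.strip()}

def dig_short(qname: str, rtype: str, server: Optional[str] = None) -> set:
    """Live lookup for a real domain; pass server to ask one authoritative NS directly (@server)."""
    cmd = ["dig", "+short", qname, rtype] + ([f"@{server}"] if server else [])
    return parse_dig_short(subprocess.run(cmd, capture_output=True, text=True, check=True).stdout)

def delegation_mismatch(registrar_ns: set, zone_ns: set) -> set:
    """Servers listed on only one side; empty means the delegation is consistent.
    registrar_ns: NS set a public resolver returns (the registered-domain view);
    zone_ns: NS set inside the hosted zone (query one of its own servers with @)."""
    return registrar_ns ^ zone_ns

def cname_name_problem(name_in_dns: str, acm_name: str, zone: str) -> Optional[str]:
    """Compare the owner name actually published with the name ACM expects."""
    have, want, z = normalize(name_in_dns), normalize(acm_name), normalize(zone)
    if have == want:
        return None
    if have == f"{want}.{z}":
        return "zone suffix duplicated: the DNS UI appended the zone to a name that already ended in it"
    return "owner name differs from the ACM record name"

def rcode_hint(dig_output: str) -> str:
    """Map the rcode in dig output (either the 'rcode X' or 'status: X' form) to a likely cause."""
    upper = dig_output.upper()
    if "SERVFAIL" in upper:
        return "SERVFAIL: no authoritative answer reachable; a common cause is registrar NS records pointing at servers that no longer host the zone"
    if "NXDOMAIN" in upper:
        return "NXDOMAIN: the name does not exist in the zone that answered; check the owner name, including a duplicated zone suffix"
    if "NOERROR" in upper:
        return "NOERROR: the name resolves; an empty answer section means no record of that type exists at the name"
    return "unrecognised dig output"

if __name__ == "__main__":
    # Constructed sample: the registrar still lists the servers of a deleted hosted zone.
    registrar = parse_dig_short("ns-1.awsdns-00.com.\nns-2.awsdns-01.net.\n")
    zone = parse_dig_short("ns-3.awsdns-02.org.\nns-4.awsdns-03.co.uk.\n")
    print("mismatched NS:", sorted(delegation_mismatch(registrar, zone)))
    print(cname_name_problem("_abc123.example.com.example.com", "_abc123.example.com", "example.com"))
    print(rcode_hint("id 60031 opcode QUERY rcode SERVFAIL flags QR RD RA"))
```

For a live check, feed `dig_short(domain, "NS")` and `dig_short(domain, "NS", server=<one hosted-zone NS>)` to `delegation_mismatch`; any server in the result is the one to fix at the registrar.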