8

I have transferred my domain to Route53 and I want Amazon Certificate Manager to issue a certificate for this domain. I followed the steps in the console to issue the certificate, the "Create record in Route53" button does show up. I do press it. It says "Success". I do see the CNAME entry created in Route53. The certificate status says "Pending Validation", "Validation is not complete, further action is needed to validate and approve the certificate". It's been that way overnight, I've tried before and left it for a few days and it times out at 72 hours.

What do I need to do?

levk
  • Have you verified that Route53 is the authority for your domain? Try `nslookup -type=soa yourdomain.com`; this should match the SOA record in your Route53 zone. Same for `-type=NS`. – mhbrooks Jun 24 '19 at 10:16
  • For `-type=NS` I have authoritative answer from `ns3.afternic.com` which appears to be amazon. For `-type=soa` I do not have an authoritative answer, it says `Authoritative answers can be found from:` and then blank. It does not appear to be the same as what's in the SOA and NS record in Route53 – levk Jun 25 '19 at 01:08
  • 1
    It seems like the DNS zone is not set up properly, then. You should log in to your DNS registrar, where you bought the domain, and find the NS record setting. Edit these values to be the 4 ns- records that Amazon provides by default when you create a hosted zone. This will leave the ownership of the domain with your registrar but give Route53 control of the DNS records. – mhbrooks Jun 25 '19 at 12:54

1 Answer

4

A lot of the time, the reason for the "Pending Validation" issue is not clicking the Create record in Route 53 button on the validation page when creating the certificate.
It could be hidden; on the Validation page, click the down-arrow next to your domain name.
See image below: [image]

https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-DNS-validation.html#troubleshooting-route53-1

marko424
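The two checks this thread revolves around (do the public NS records match the Route 53 hosted zone, and does the ACM validation CNAME resolve publicly), as an added example that is not part of the original posts. The function names are hypothetical, and the `awsdns` name servers and the `_example.acm-validations.aws.` value are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are passed in as strings so the
# logic runs offline; live values would come from commands such as:
#   dig +short NS yourdomain.com                       (public_ns)
#   aws route53 get-hosted-zone --id <ZONE_ID> \
#     --query 'DelegationSet.NameServers' --output text  (zone_ns)
#   dig +short CNAME <validation record name>          (seen_cname)

# Lowercase, strip trailing dots, sort, dedupe; result is "a b c " (space-ended).
normalize() {
  printf '%s\n' "$1" | tr -s ' \t' '\n\n' | tr 'A-Z' 'a-z' \
    | sed -e 's/\.$//' -e '/^$/d' | LC_ALL=C sort -u | tr '\n' ' '
}

# Print the names of normalized list $1 that are absent from normalized list $2.
not_in() {
  out=""
  for n in $1; do
    case " $2" in *" $n "*) ;; *) out="$out$n " ;; esac
  done
  printf '%s' "$out"
}

# diagnose PUBLIC_NS ZONE_NS EXPECTED_CNAME SEEN_CNAME
# Echoes a one-line verdict; returns 0 only when both checks pass.
diagnose() {
  public=$(normalize "$1"); zone=$(normalize "$2")
  want=$(normalize "$3"); seen=$(normalize "$4")
  if [ -z "$public" ]; then
    echo "NO_DELEGATION: no public NS records returned"; return 1
  fi
  foreign=$(not_in "$public" "$zone")
  if [ -n "$foreign" ]; then
    echo "WRONG_DELEGATION: public NS ${foreign% } not in hosted zone (${zone% })"
    return 1
  fi
  if [ -z "$seen" ]; then
    echo "CNAME_NOT_VISIBLE: validation record does not resolve publicly"; return 1
  fi
  if [ "$seen" != "$want" ]; then
    echo "CNAME_MISMATCH: record resolves to ${seen% }, expected ${want% }"; return 1
  fi
  echo "OK: delegation and validation record match"
}

# Constructed sample shaped like the question: the record exists in Route 53,
# but public DNS is delegated elsewhere, so the CNAME is never seen.
diagnose "ns3.afternic.com." "ns-1.awsdns-01.org. ns-2.awsdns-02.net." \
  "_example.acm-validations.aws." "" || true
```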