I have requested a public ACM certificate and selected the DNS validation method. After I requested the certificate, it went to the Pending validation state. I have created a hosted zone in Route 53 with the same domain name that I used for my certificate. After creating the certificate I got the option "Create record in Route 53". I created the record in Route 53 with the CNAME and it displayed "Success The DNS record was written to your Route 53 hosted zone. It can take 30 minutes or longer for the changes to propagate and for AWS to validate the domain and issue the certificate.". But the status of the certificate is not changing and it is still in pending validation. After some time the "Create record in Route 53" option gets enabled again. I have tried the same process multiple times for almost one day but the status is not changing. Can someone please help to fix the issue?
4 Answers
In the AWS Console (Web UI), on the Certificate Manager page,
- Expand the certificate that is pending
- Expand the table that has domain and validation status
- Click the blue button that says "Create record in Route 53" (you can also do this manually)
- Give it about 10 minutes
Or follow these instructions from AWS - Why is my AWS Certificate Manager (ACM) certificate DNS validation status still pending validation?

The only valid and true answer. All of the rest is crap. – EugenSunic Aug 04 '23 at 13:34
I had the same issue here and found out that my problem was the NS record in my domain. My mistake was that I didn't update the Name Servers in my domain; what I did was the opposite. I updated the values of the NS record in R53 based on the NS of my domain, then I realized that the right thing to do was to update the NS (Name Servers) of the domain to the values of the NS record in R53. Haha (English is not my native language btw).
Just make sure you have the correct Name Servers and correct CNAME suggested by ACM. I waited a day before and still Pending Validation, but when I fixed it it took only a few minutes for my certificate to be issued.

What I would do is:
- Verify that the DNS returns what is expected. For that you can use dig (Linux) or nslookup (Windows), or even better, https://www.digwebinterface.com. If you don't get what is expected, you need to reconfigure the DNS.
- Once it is verified, wait a little bit (10 min to 2h I'd say).
Something to read while you wait:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
- https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
- https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-pending-validation/
- https://docs.aws.amazon.com/acm/latest/userguide/domain-ownership-validation.html

10m to 2h! Frustrating that it can take so long. Especially since you cannot know if something is wrong or not. My nslookup works fine, but it's been 30+ minutes so far – Daniel Williams Dec 22 '22 at 21:37
It's terrible. In my career, I've probably done domain validation 50 times. I don't ever remember it being anything other than instant. The lack of a "Check again" button is maddening. – Jan 25 '23 at 23:18
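The two checks described in the answers above (is the domain delegated to the hosted zone's name servers, and does the ACM CNAME resolve publicly), combined into one script. This is an added example, not part of any answer on this page; the function names `normalize`, `diagnose` and `check_live` are hypothetical and all sample values are constructed.

```shell
#!/bin/sh
# Added example: why does an ACM DNS-validation record not become visible?
# The comparison logic takes its inputs as arguments so it can run offline.

# Normalise a list of DNS names: lowercase, one per line, no trailing dot,
# no blank lines, sorted and de-duplicated.
normalize() {
    tr '[:upper:]' '[:lower:]' | tr -s ' \t,' '\n\n\n' \
        | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# diagnose PUBLIC_NS ZONE_NS EXPECTED_CNAME OBSERVED_CNAME
#   PUBLIC_NS      name servers a public resolver returns for the domain
#   ZONE_NS        name servers Route 53 assigned to the hosted zone
#   EXPECTED_CNAME CNAME value shown by ACM for the certificate
#   OBSERVED_CNAME CNAME value a public resolver actually returns
diagnose() {
    public=$(printf '%s\n' "$1" | normalize)
    zone=$(printf '%s\n' "$2" | normalize)
    want=$(printf '%s\n' "$3" | normalize)
    got=$(printf '%s\n' "$4" | normalize)
    if [ "$public" != "$zone" ]; then
        echo "NS_MISMATCH"    # registrar does not point at this hosted zone
    elif [ -z "$got" ]; then
        echo "CNAME_MISSING"  # record not created, or not propagated yet
    elif [ "$got" != "$want" ]; then
        echo "CNAME_WRONG"    # record exists but with a different value
    else
        echo "OK"             # DNS is correct; only waiting on ACM remains
    fi
}

# Live wrapper (needs dig and network access):
#   check_live DOMAIN "ZONE_NS..." CNAME_NAME CNAME_VALUE
check_live() {
    diagnose "$(dig +short NS "$1")" "$2" "$4" "$(dig +short CNAME "$3")"
}

# Constructed sample: the registrar still lists its own name servers,
# so the CNAME written to Route 53 is never seen. Prints NS_MISMATCH.
diagnose "ns1.registrar.example. ns2.registrar.example." \
         "ns-1.awsdns-01.org ns-2.awsdns-02.com" \
         "_c0ffee.acm-validations.aws." ""
```

`NS_MISMATCH` corresponds to the name-server mistake described in the second answer: the fix is at the registrar, not in the hosted zone.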
You might need to check if you verified the email you used in registering the domain. If the domain is suspended the Certificate would not be issued. You can request another verification link.
