AWS Certificate Request Validation Timeout

Question

I'm trying to request a certificate using AWS certificate manager. I'm using route53 for DNS. I go through all of the steps, and use the "create record in Route53" to create the CNAME record automatically. I have double checked the CNAME record in Route53 to make sure it is the same one that ACM expects. After doing all of this, the DNS validation times out.

I have tried this multiple times with the same result. I barely know how to use dig so I'm kind of lost on how to troubleshoot this. Thanks.

Answer 1

I had registered a domain with Route 53 and was facing a similar issue when I deleted my website's hosted zone.

The CNAME record in Route 53 was exactly as it was in ACM (no extra strings, whitespaces, etc.)

The issue was in Route 53 - the name servers associated with the registered domain were different from the name servers associated with the hosted zone.

I fixed this issue by:-

1. Deleting and re-creating the hosted zone.
2. Replacing the NS values in the registered domain with the NS values of from the newly created hosted zone.
3. Creating a certificate in Certificate Manager with the domain name matching with the one specified in Route 53 hosted zone.
4. Creating a Route 53 record from the Certificate manager wizard (which is step 5 in the wizard)

Answer 2

When I switched my domain from godaddy to AWS, the Name Server records did not automatically update. I thought they would but I actually had to change them manually from the AWS console.

Answer 3

I was facing a similar issue, where i copied the whole "name" of the CNAME record (from the AWS certificate manager) to the DNS configuration for my domain. And waited a whole day without any success. Then after reading "Michael - sqlbot" answer here, i removed the .example.com from _9022ecb910c52234234234234232xxxx.example.com in my domain's DNS configuration and Amazon Certificate Manager issued the certificate in about next 30 mins.

Hope you are not making the same mistake :-)