Reputation: 2606
PROBLEM: I'm experiencing an issue with the validation of an SSL certificate through AWS ACM. I have a domain purchased through Route53 and am trying to associate a certificate with it through ACM. At first I tried to accomplish this with CloudFormation with no success (the SSL certificate was stuck on pending - same problem), and moved to trying to see if the issue could be resolved through the web interface. I created a hosted zone for my domain successfully and went on to generate a certificate for my domain. The certificate was created and the CNAME was added to my hosted zone after clicking the "Create Record in Route53" button, but the status of the certificate remained pending for days until it would time out. By experimenting I found that the NS records in the hosted zone needed to match up with the domain's hosted zone (AWS generated both for me initially). After changing the name servers on the domain my certificate was issued almost immediately. I've tested this multiple times with exactly the same outcome every time.
QUESTION: Is there any way to resolve this issue without having to manually change the name servers in the domain to match those in the hosted zone? My goal is to have this all set up with CloudFormation and I would like to avoid having to create a custom resource with Lambda.
Upvotes: 0
Views: 830
Reputation: 10675
No, whenever you create a Route53 zone you need to map the NS records in the domain provider's DNS records.
Since the NS are dynamic, every time you create a hosted zone (even for the same domain) a different set of NS will be provided that you need to map.
It's ideal to create the hosted zone manually if the domain provider is other than AWS itself, or otherwise you need to use the domain provider's APIs to update the NS records automatically (if APIs are given by your domain provider).
Upvotes: 2
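The check below is an added example, not part of either post: it compares a hosted zone's delegation set with the name servers recorded at the registrar, which is the mismatch that left the ACM DNS validation pending in this thread. It assumes the response shapes of boto3's `route53.get_hosted_zone` and `route53domains.get_domain_detail`; the function names and the sample data (using the reserved `.example` TLD) are constructed for illustration.

```python
"""Detect a registrar/hosted-zone name server mismatch (added example)."""


def _norm(names):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return {n.strip().rstrip(".").lower() for n in names if n.strip()}


def delegation_report(hosted_zone_resp, domain_detail_resp):
    """Compare the hosted zone's delegation set with the registrar's NS list.

    hosted_zone_resp:   shape of route53.get_hosted_zone()
    domain_detail_resp: shape of route53domains.get_domain_detail()
    """
    zone_ns = _norm(hosted_zone_resp["DelegationSet"]["NameServers"])
    registrar_ns = _norm(ns["Name"] for ns in domain_detail_resp["Nameservers"])
    return {
        # True only when resolvers are sent to the zone holding the CNAME.
        "delegated": bool(zone_ns) and zone_ns == registrar_ns,
        "missing_at_registrar": sorted(zone_ns - registrar_ns),
        "stale_at_registrar": sorted(registrar_ns - zone_ns),
    }


def fetch_live(zone_id, domain_name):
    """Run the same check against a live account (needs boto3 + credentials)."""
    import boto3

    zone = boto3.client("route53").get_hosted_zone(Id=zone_id)
    # The Route 53 Domains API is served from us-east-1 only.
    domains = boto3.client("route53domains", region_name="us-east-1")
    return delegation_report(zone, domains.get_domain_detail(DomainName=domain_name))


# Constructed sample responses: the registrar still points one name server
# at an older hosted zone, so the validation CNAME may never be seen.
SAMPLE_ZONE = {
    "DelegationSet": {"NameServers": ["ns1.new-zone.example", "ns2.new-zone.example"]}
}
SAMPLE_DOMAIN = {
    "Nameservers": [{"Name": "NS1.new-zone.example."}, {"Name": "ns2.old-zone.example"}]
}

if __name__ == "__main__":
    print(delegation_report(SAMPLE_ZONE, SAMPLE_DOMAIN))
```

A report with `delegated` set to false and a non-empty `stale_at_registrar` list means the validation record exists in a zone that public resolvers are not being sent to.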