Reputation: 549
AWS ACM certificate state is pending validation and not changing to issues
I have requested a public ACM certificate and I have selected the DNS validation method. After requesting the certificate it went to Pending validation state. I have created a hosted zone in Route 53 with the same domain name which I have used for my certificate. After creating the certificate I got the option "Create record in Route 53". I have created the record in Route 53 with the CNAME and it displayed as " Success The DNS record was written to your Route 53 hosted zone. It can take 30 minutes or longer for the changes to propagate and for AWS to validate the domain and issue the certificate.". But the status of the certificate is not getting changed and it is still in pending validation only. After some time the "Create record in Route 43" option is getting enabled again. I have tried the same process multiple times almost one day but the status is not getting changed. Can someone please help to fix the issue.
Upvotes: 37
Views: 57247
Answers (8)
Reputation: 607
In the AWS Console (Web UI), on the Certificate Manager page,
- Expand the certificate that is pending
- Expand the table that has domain and validation status
- Click the blue button that says "Create record in Route 53" (you can also do this manually)
- Give it about 10 minutes
Depending on your situation, you may also have to do what "Ewambe A" suggests to do, so please also check that your NS records match your whois lookup!
You can also follow these instructions from AWS - Why is my AWS Certificate Manager (ACM) certificate DNS validation status still pending validation?
Upvotes: 46
Reputation: 11
I can understand your pain for which I have also faced. You must enter the default NS records created by hosted zone, in the public domain provider. While making the entries, you must provide the name as the hosted zone name. For example, if demo.example.com is your hosted zone, then you need to make an entry in domain name provider with the name called demo. After 2 mins the certificate will show issued.
Hope this helps!
Upvotes: 1
Reputation: 15441
- Go to AWS Certificate Manager (ACM)
- Click in the certificate that is pending
Click the "Create record in Route 53" and
In Route53 you'll see the CNAME records there
That's it. Then after 7 minutes, in my case, you'll then see the success
Upvotes: 1
Reputation: 718
If your NS is Godaddy, check if there's a dot added at the end of the DNS record. <random_value>.acm-validations.aws." is rejected while "<random_value>.acm-validations.aws" is accepted.
Default trailing period added by DNS provider
Upvotes: 1
Reputation: 221
Replace the Name Servers(NS) in your domain with the Name Servers (NS) of your NS record.
Dashboard > Domain Registration > Domain > Domain Name > Action > Edit name server
Upvotes: 22
Reputation: 31
You might need to check if you verified the email you used in registering the domain. If the domain is suspended the Certificate would not be issued. You can request another verification link.
Upvotes: 3
Reputation: 2708
What I would do is:
- Verify that the DNS returns what is expected.
For that you can use dig (Linux) or nslookup (Windows), or even better > https://www.digwebinterface.com
If you don't get what is expected, you need to reconfigure the DNS.
- Once it is verified, wait a little bit (10 min to 2h I'd say).
Something to read while you wait:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
- https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
- https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-pending-validation/
- https://docs.aws.amazon.com/acm/latest/userguide/domain-ownership-validation.html
Upvotes: 7
Reputation: 161
Having the same issue here and I found out that my problem is in the NS record in my domain. My mistake was I didn't update the Name Servers in my domain, what I did was the opposite. I updated the values of the NS record in R53 based on the NS on my domain then I realized that the right thing to do was to update your NS (Name Servers) of your domain to the values of the NS record in R53. Haha (english is not my native language btw).
Just make sure you have the correct Name Servers and correct CNAME suggested by ACM. I waited a day before and still Pending Validation, but when I fixed it it took only a few minutes for my certificate to be issued.
Upvotes: 16
Related Questions
- AWS ACM - One or more domain names have failed validation due to a Certificate Authority Authentication (CAA) error
- Certificate in Pending state in AWS Certificate Manager
- aws_acm_certificate seems to have changed its state output possibly due to a provider update- am I doing this wrong?
- AWS ACM certificate not validating
- AWS Certificate Request Validation Timeout
- ACM won't validate the SSL certificate for my Route53 domain
- AWS ACM Stuck in Pending Validation Unless NS Changed in Domain
- Why isn't my AWS ACM certificate validating?
- ACM certificate - SSL_ERROR_BAD_CERT_DOMAIN
- AWS ACM SSL Protocol error