
In AWS account X, I already have a hosted zone and a valid certificate for my domain, mydomain.com. In AWS account Y, I would like to create a subdomain mysubdomain.mydomain.com and create a certificate for that subdomain.

In account Y I requested a certificate for mysubdomain.mydomain.com (also covering *.mysubdomain.mydomain.com). I created a hosted zone for mysubdomain.mydomain.com and added a CNAME record to that hosted zone based on the newly requested certificate.

Finally, in my original hosted zone in account X, I created an NS record for mysubdomain.mydomain.com and copied over the name servers from the hosted zone in account Y.

My certificate request is still pending validation. Is there a step I have missed which is needed to make AWS validate the certificate?

EDIT: additionally, when I do nslookup -mysubdomain.mydomain.com, I get server can't find mysubdomain.mydomain.com: NXDOMAIN. (nslookup works for the root domain.) That might help diagnose the issue?

fblundun
You listed all the correct steps. Since you are delegating the subdomain to another Route53 zone, it may take a while to propagate if you set all that up at the same time. You should try testing the DNS records via something like https://dnschecker.org/ to verify those CNAME records AWS is looking for are actually showing up on DNS queries. – Mark B Aug 15 '22 at 14:26

1 Answer


For posterity, the answer is: yes the steps I listed are sufficient, I had just accidentally created the NS record in the wrong hosted zone.

fblundun
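An offline check for the failure described in the answer above, added here as an example that is not part of the original post: it flags an NS record for the subdomain that sits in a hosted zone resolvers never query. It assumes inputs reduced from what `aws route53 list-hosted-zones`, `get-hosted-zone` and `list-resource-record-sets` return; the function names, zone IDs and name servers are constructed placeholders.

```python
def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")

def check_delegation(subdomain, child_ns, registrar_ns, parent_zones):
    """Return a list of findings; an empty list means the delegation is in place.

    parent_zones: one dict per hosted zone in the parent account with
    Id, Name, Private, NameServers (the zone's delegation set) and Records.
    """
    sub, want = norm(subdomain), {norm(n) for n in child_ns}
    live_ns = {norm(n) for n in registrar_ns}
    findings, delegated = [], False
    for zone in parent_zones:
        # Only a public zone whose name servers the registrar points at is ever queried.
        live = not zone["Private"] and {norm(n) for n in zone["NameServers"]} == live_ns
        for rec in zone["Records"]:
            if rec["Type"] != "NS" or norm(rec["Name"]) != sub:
                continue
            got = {norm(v) for v in rec["Values"]}
            if not live:
                findings.append(f"{zone['Id']}: NS record for {sub} sits in a zone resolvers never query")
            elif got != want:
                findings.append(f"{zone['Id']}: NS values differ from the child zone: {sorted(got ^ want)}")
            else:
                delegated = True
    if not delegated:
        findings.append(f"no working delegation for {sub}: expect NXDOMAIN and a pending certificate")
    return findings

# Constructed sample data (hypothetical zone IDs and name servers).
CHILD_NS = ["ns-1.child.example.", "ns-2.child.example."]        # hosted zone in account Y
REGISTRAR_NS = ["ns-1.parent.example.", "ns-2.parent.example."]  # what the registrar delegates to
NS_RECORD = {"Name": "mysubdomain.mydomain.com.", "Type": "NS", "Values": CHILD_NS}

def zones(ns_in_live_zone):
    """Two zones named mydomain.com in account X; only the first is delegated."""
    live = {"Id": "ZLIVE-PLACEHOLDER", "Name": "mydomain.com.", "Private": False,
            "NameServers": REGISTRAR_NS, "Records": []}
    stale = {"Id": "ZSTALE-PLACEHOLDER", "Name": "mydomain.com.", "Private": False,
             "NameServers": ["ns-9.old.example."], "Records": []}
    (live if ns_in_live_zone else stale)["Records"].append(NS_RECORD)
    return [live, stale]

if __name__ == "__main__":
    for placed_correctly in (False, True):
        print(placed_correctly, check_delegation(
            "mysubdomain.mydomain.com", CHILD_NS, REGISTRAR_NS, zones(placed_correctly)))
```
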