I'm trying to set up a CloudFront Distribution with a Certificate:

I've requested the Certificate multiple times now and it keeps failing & I'm using the N. Virginia region:

I've set up the hosted zone and the website's DNS is in the 48hr period of propagating and it's available in the USA and Aus.

Why does it keep on failing when I request an ACM? I've tried to validate via both DNS and Email with no luck.

Jeremy Thompson
  • So you actually own the domain already? And you are using Route53 as the domain's authoritative DNS server? What happens when you take the DNS records ACM is telling you to create, and enter them in here? https://mxtoolbox.com/DNSLookup.aspx – Mark B May 03 '23 at 12:04
  • Yes, owned, hosted on Route53, set up a Hosted Zone and the registered domain's name servers are set up successfully. Doing a whois works as expected. – Jeremy Thompson May 03 '23 at 12:27
  • That answers 2 of 3 clarification questions that I asked. What happens when you take the DNS records ACM is telling you to create, and enter them in here? mxtoolbox.com/DNSLookup.aspx – Mark B May 03 '23 at 12:31
  • Sorry Mark I appreciate your help, how do I take the DNS record the ACM is telling me to create, it's just SydneyRaveHistory..com and Requesting it in ACM fails. – Jeremy Thompson May 03 '23 at 13:35
  • If you are using DNS validation, then ACM will tell you to create some DNS records to validate you own the domain. If you haven't been creating those validation records, then that would explain why the validation is failing. Please see the documentation on this subject https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html – Mark B May 03 '23 at 13:39
  • Thanks for your help @MarkB sharing with the community. – Jeremy Thompson May 06 '23 at 07:59

1 Answer

Thanks to Mark B for his help. There are videos on the internet saying the CNAME entries from the ACM Certificate request get automatically added.

I reviewed an old video and in the old AWS Website there was a blue button "add CNAMEs to Route53"!

That function is missing and you have to explicitly add a CNAME entry.

First off, get your CNAME Details from the ACM request:

Then in Route53 add a CNAME Record as well as the A record that points to the CloudFront Distribution (using the Alias Switch):

After every major change, wait 3 hours; it should be faster in most cases.

It's not DNS..
It can't be DNS...
It was DNS

halfer
Jeremy Thompson
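
The two steps in the answer above (read the CNAME details from the ACM request, then create that CNAME in the Route 53 hosted zone), as an added example that is not part of the original answer. It uses boto3; the function names, `SAMPLE_CERT` and every domain and record value are hypothetical or constructed for illustration.

```python
# Added example: sample data is constructed; function names are hypothetical.

SAMPLE_CERT = {  # shape of acm.describe_certificate(...)["Certificate"], constructed values
    "DomainValidationOptions": [
        {"DomainName": "example.com", "ValidationStatus": "PENDING_VALIDATION",
         "ResourceRecord": {"Name": "_a1b2.example.com.", "Type": "CNAME",
                            "Value": "_c3d4.acm-validations.aws."}},
        {"DomainName": "*.example.com", "ValidationStatus": "PENDING_VALIDATION",
         "ResourceRecord": {"Name": "_a1b2.example.com.", "Type": "CNAME",
                            "Value": "_c3d4.acm-validations.aws."}},
        {"DomainName": "www.example.com", "ValidationStatus": "PENDING_VALIDATION"},
    ]
}


def validation_changes(certificate, zone_name, ttl=300):
    """Return (change_batch, pending) for one certificate and one hosted zone."""
    zone = zone_name.rstrip(".").lower()
    seen, changes, pending = set(), [], []
    for opt in certificate.get("DomainValidationOptions", []):
        if opt.get("ValidationStatus") == "SUCCESS":
            continue  # already validated, nothing to create
        rr = opt.get("ResourceRecord")
        name = rr["Name"].rstrip(".").lower() if rr else ""
        in_zone = name == zone or name.endswith("." + zone)
        if not rr or rr.get("Type") != "CNAME" or not in_zone:
            pending.append(opt["DomainName"])  # not published yet, or another zone
            continue
        if name in seen:
            continue  # the same record can be listed for several names
        seen.add(name)
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rr["Name"], "Type": "CNAME", "TTL": ttl,
            "ResourceRecords": [{"Value": rr["Value"]}]}})
    return {"Comment": "ACM DNS validation", "Changes": changes}, pending


def publish_validation_records(certificate_arn, hosted_zone_id, zone_name):
    """Read the CNAMEs from ACM and upsert them into the Route 53 hosted zone."""
    import boto3  # imported lazily so validation_changes() runs without AWS access
    acm = boto3.client("acm", region_name="us-east-1")  # region CloudFront reads certificates from
    cert = acm.describe_certificate(CertificateArn=certificate_arn)["Certificate"]
    batch, pending = validation_changes(cert, zone_name)
    if batch["Changes"]:
        boto3.client("route53").change_resource_record_sets(
            HostedZoneId=hosted_zone_id, ChangeBatch=batch)
    return pending
```

Domains returned in `pending` have no CNAME to create yet (ACM has not published it, the certificate uses email validation, or the record belongs to a different hosted zone), so the certificate stays in pending validation until those are handled.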