- Newest
- Most votes
- Most comments
Hi,
For certificate validation, you need to have your registered domain delegating to a DNS zone and then add a CNAME record provided by Lightsail, added to this DNS zone.
So, you have mentioned your domain is registered with Hostinger, but where is your DNS management being done at present? You can use either Lightsail's DNS management OR Route53's DNS management - but best to stick with just one of these i.e. you do NOT want to have both a Lightsail DNS zone and a Route53 hosted-zone - since the domain can only delegate to one of these.
Next you would need to setup records in your DNS zone for both your sub-domain and add the certificate CNAME record. Once all these pieces are correctly linked and AWS is able to verify it, the certificate will get validated.
The steps would be as follows:
- Create Lightsail DNS zone OR Route53 hosted-zone (pick one)
- Update the Name servers at Hostinger with the name servers provided by Lightsail DNS zone (all further steps assume Lightsail DNS zone, but same can be done instead in Route53 hosted-zone)
- Confirm the name server update is successful at Hostinger (if they provide such visibility)
- Another way to confirm that name server update is successful, is to run command
dig NS <replace-with-your-domain-name>
and check that the response lists the name servers you entered that were provided by and match those of Lightsail DNS zone - Add
CNAME record
to the Lightsail DNS zone for your sub-domain with value as the load-balancer's default endpoint - Add a second
CNAME record
to the Lightsail DNS zone with name and value as provided by the load-balancer certificate - Confirm first record is correct. One way is to run command
dig CNAME <replace-with-your-sub-domain-name>
and check that the response lists the load-balancer endpoint (and optionally some IPs) - Confirm second record is correct. One way is to run command
dig CNAME <replace-with-name-from-certificate's-validation-record>
and check that the response lists the value from the certificate's validation record - Wait few minutes and the certificate should get validated
Thanks.
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 4 months ago