How can I resend the validation email to verify my domain for ACM?
I used email validation to request a certificate from AWS Certificate Manager (ACM) to verify my domain, but I didn't receive the validation email.
Short description
You might not receive the validation email for the following reasons:
- You didn't configure an MX record for the domain.
- Your registrar doesn't support domain email forwarding.
- The request wasn't a publicly trusted certificate that ACM issued.
- The request was for an imported certificate or was signed by a AWS Private Certificate Authority private CA.
- The certificate uses resources in an Amazon Virtual Private Cloud (Amazon VPC) private hosted zone. ACM can't validate resources in an Amazon VPC private hosted zone or private domains.
Important: In 2024, ACM will discontinue WHOIS lookup for email-validated certificates. It's a best practice to use DNS validation instead of email validation.
Resolution
First, follow the troubleshooting steps in the ACM User Guide. If these troubleshooting steps don't resolve your issue, then use Amazon WorkMail or Amazon Simple Email Service (Amazon SES) with Amazon Simple Notification Service (Amazon SNS) to configure your domain to receive the validation email.
Use WorkMail to resend the validation email
Complete the following steps:
- Open the WorkMail console, and then create an organization.
- Add a domain.
- Select the organization, and then choose Create user.
- Enter a username and display name for "admin", and then choose Next step.
Note: You can also use "hostmaster", "postmaster", and "webmaster" for the username. Don't use "administrator" because it's the AWS Organizations default system user account. - Enter your primary email address and password for the new user.
- In the dropdown list next to Email address, choose your domain, and then choose Add user.
- Resend the validation email.
- Sign into the Amazon WorkMail web client for the username.
- Open the validation email in your WorkMail web client inbox to verify the domain name, account ID, and certification identifier.
- To accept the certificate and verify your domain name, choose I Approve. You receive the message "You have APPROVED this validation request."
Note: Validation emails are valid for only 72 hours.
For more information, see How do I add and verify a domain to use with WorkMail?
Use Amazon SES and Amazon SNS to resend the validation email
To create an Amazon SNS topic, complete the following steps:
- Open the Amazon SNS console.
- Choose Topics, and then choose Create topic.
- For Topic type, choose Standard.
- Enter a topic name and display name, and then choose Create topic.
- Choose Create topic, and then choose Create subscription.
- For Protocol, choose Email.
- For Endpoint, enter your email address, and then choose Create subscription. A confirmation email is sent to the subscribed endpoint.
- From the confirmation email, choose Confirm subscription. You receive the message "Subscription confirmed!"
To verify your domain, complete the following steps:
- Open the Amazon SES console.
- Choose Identities, and then choose Create identity.
- Under Identity details, select Domain.
Note: To complete the verification process, you must have access to the domain's DNS settings. - In the Domain field, enter the name of the domain or subdomain.
- Select Enabled in the DKIM signatures field, and then choose Create identity.
- Open the Amazon Route 53 console, and then choose Hosted zones.
Note: If Route 53 doesn't host your domain, then manually enter the record set in your domain registrar's DNS settings. - For Hosted zones, select your domain name, and then choose Create Record.
- Under Record type select MX --Specifies mail servers.
- Select your MX record set, enter your domain or subdomain name, and then select MX --Mail exchange.
- For Value, enter the MX record priority domain name values of the email server.
Note: If you have multiple email servers, then specify a priority value of 10 so that email is almost equally routed to your servers. - Choose Create records.
To create Amazon SES rules, complete the following steps:
- Open the Amazon SES console.
- Choose Email receiving, and then choose Create rule set.
- For Rule set name, enter a name for the rule, and then choose Create rule set.
- Choose Create rule, enter a rule name, and then choose Next.
- For Recipient conditions, choose Add new recipient condition, and then enter any of the following validation email addresses:
administrator@your_domain
hostmaster@your_domain
postmaster@your_domain
webmaster@your_domain
admin@your_domain
Note: Receipt rule sets are either in the Enabled or Disabled status. Only one receipt rule set can be active at any time. For more information, see Creating rule sets and receipt rules. - Choose Next.
- On the Add new action dropdown list, choose Publish to Amazon SNS topic.
- On the SNS topic menu, select the SNS topic, and then choose UTF-8.
- On the Add new action dropdown list, choose Stop rule set, and then choose Next.
- On the Review page, choose Create rule.
- Select your rule set, and then choose Set as active.
To resend the validation email and verify the domain, complete the following steps:
- Resend the validation email. You receive an email message for each domain that's listed with the subject "Amazon SES Email Receipt Notification".
Note: If the email isn't correctly formatted, then search the email for the certificate validation link, \r\nTo approve this request, go to Amazon Certificate Approvals at\r\n. - Open the validation email from the Amazon SES notification to verify the domain name, account ID, and certification identifier.
- To accept the certificate and verify your domain name, choose I Approve. You receive the message "You have APPROVED this validation request."
Note: Validation emails are valid for only 72 hours.
Related information
Why didn't I receive the validation email to issue or renew ACM certificates?
(Optional) Configure email for your domain
How does the ACM managed renewal process work with email-validated certificates?
Why can't I resend the validation email from ACM to renew a certificate?
Video correlati
Contenuto pertinente
- AWS UFFICIALEAggiornata 6 mesi fa
- AWS UFFICIALEAggiornata 2 anni fa