How do I troubleshoot domain transfer failures in Route 53?

6 minute read
1

I want to troubleshoot domain transfer failures in Amazon Route 53.

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

Troubleshoot failure to transfer a domain from another registrar to Route 53 (transfer in)

Before transferring a domain to Route 53, confirm the following:

Resolve invalid authcode errors

If there are authcode errors, then you receive the message, "The authorization code that you got from the current registrar is not valid". For next steps, see The authorization code that you got from the current registrar is not valid.

Resolve clientTransferProhibited status or domain lock errors

If transfer lock is turned on with your current registrar, then the transfer-in process fails. Run a whois command to confirm that this is causing your domain transfer failure. For example:

$ whois example.com | grep "Status"
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

If you see the serverTransferProhibited status in your whois output, then contact your current registrar for more information.

To turn off transfer lock, use your current registrar's console or contact the registrar.

Determine why a transfer is stuck on step 5 of the transfer process

In step 5 of the domain transfer process, Amazon Route 53 sends a Form Of Authorization (FOA) to the registrant contact email. You must select the confirmation link in that email. If you didn't receive an FOA email, then see To resend the authorization email for a domain transfer.

Note: If you change the registrant email address during the transfer process, then the authorization email might be sent to both the new and previous addresses. You must follow the confirmation link in both emails to proceed.

Determine why you didn't receive a domain transfer authorization email

As part of the domain transfer-in process, Amazon Route 53 sends an authorization email to the domain registrant's email address. You must select the link in that email to verify your email address. Failing to do so might cause your domain to stop working. If you didn't receive the authorization email, then check your email's spam or junk folder. If you still can't find the email, then see To resend the authorization email for a domain transfer.

Determine why the status is "Waiting for the current registrar to complete the transfer"

If your domain transfer-in request is stuck on step 7, then the status is "Waiting for the current registrar to complete the transfer". For more information on how to check your status, see Viewing the status of a domain transfer.

This status indicates that the transfer is waiting on your current registrar's approval. After approval is received, the transfer process can proceed. Depending on your registrar and the requirements of the top-level domain (TLD), this step can take up to 7 days for generic TLDs. The step can take up to ten days for country code TLDs (ccTLDs).

Note: You can't expediate this step in Amazon Route 53. However, you might be able to expedite the domain transfer by contacting your current registrar.

Troubleshoot failure to transfer a domain from Route 53 to another registrar (transfer out)

Resolve "clientTransferProhibited" status errors

The domain registries for all generic TLDs and several geographic TLDs provide the option to lock your domain. Locking a domain prevents someone from transferring the domain to another registrar without your permission. If you turn on transfer lock for a domain, then the status is updated to "clientTransferProhibited". To remove the status, turn off the transfer lock using the following steps:

1.    Open the Route 53 console.

2.    In the navigation pane, choose Registered Domains.

3.    Select the name of the domain that you plan to update.

4.    Under Transfer lock, choose Disable.

Or, you can run the following command in the AWS CLI:

aws route53domains disable-domain-transfer-lock \
    --region us-east-1 \
    --domain-name example.com

In the preceding example, replace example.com with your domain name.

Unlock "Transfer Lock" or remove "clientTransferProhibited" status

You tried to unlock a domain from the AWS Management Console or the DisableDomainTransferLock API. However, you received the following error message: "TLDRulesViolation: [TLD] does not support domain lock/unlock operation".

To resolve this, determine if the TLD supports transfer locking. If the TLD doesn't support transfer locking but you see a lock icon on your domain, then create a support case. For case type, choose Account and billing support.

Transfer domains in closed AWS accounts

When you close an AWS account, all associated AWS resources are deleted, including hosted zones. However, all domain names are maintained until their expiration date. After deleting your account, you can't modify the configuration of the remaining domain names. In this scenario, you can't update name servers or complete the transfer out process.

Create a support case to transfer your domain from the closed account to another AWS account or another registrar. When creating your case, be sure to do the following:

  • Create the support case from the closed account. You can log in to your closed account using the credentials of the AWS account root user.
  • Choose Account and billing support for the case type.
  • Include the domain names that you want to transfer out.
  • Include the destination AWS account number (if transferring to another active AWS account).

Troubleshoot failure to transfer a domain from an AWS account to another AWS account (cross-account transfer)

To initiate the domain transfer, see To transfer a domain to a different AWS account and To accept a domain transfer from a different AWS account.

If you encounter issues when following the steps listed in the preceding documentations, create a support case. For case type, choose Account and billing support.

AWS OFFICIAL
AWS OFFICIALUpdated 10 months ago