ACM Cert Renewal Problem when GoDaddy is the Registrar

3

I recently received an email from AWS saying that my cert was about to expire and that, since I had email validation turned on, they had sent me a separate email with a link to verify renewal.

I never received the separate email.

My domain is hosted on Route 53 but GoDaddy is the registrar. I finally figured out that since ACM uses the email addresses in the WHOIS records as the authoritative email addresses for validating cert renewals, it doesn't work with certain GoDaddy domain configurations. At GoDaddy, I had their privacy features turned on. I finally figured out that GoDaddy has stopped putting valid email addresses into WHOIS records and instead puts links to the GoDaddy web site in those WHOIS fields. That means that any emails sent from ACM will never arrive or will silently fail to send.

I worked around the problem by briefly turning off domain privacy at GoDaddy, then having ACM resend the emails, then turning privacy back on. But as long as GoDaddy doesn't write valid email addresses in the WHOIS records, ACM email validation won't work for domains registered at GoDaddy that have privacy turned on.

This is actually a GoDaddy bug, but it bites anyone who is hosting their zone at Route 53 and using ACM certs. In the past, GoDaddy would write a valid email address in WHOIS records (e.g. foo.com@domainsbyproxy.com) and forward emails sent to that address to the domain name owner. Not anymore.

I'm just posting this here for the benefit of anyone who has a domain registered at GoDaddy but is using ACM certs on AWS.
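The failure described in this post can be checked before relying on email validation. The following is an added example, not code from the original post: it parses WHOIS contact fields from text, discards values that are not syntactically an email address (such as the "Select Contact Domain Holder link at https://..." placeholder the post describes), and lists the addresses ACM will actually try. ACM sends validation mail to the WHOIS registrant, admin and technical contacts plus five fixed mailboxes (admin@, administrator@, hostmaster@, postmaster@, webmaster@ the domain), per the ACM email-validation documentation. The WHOIS samples below are constructed to match the two states the post describes (privacy on with URL placeholders, and the older proxy-address format); the field names and the `acm_email_targets` helper are assumptions for illustration.

```python
import re

# Syntactic check only: does the WHOIS value look like a mailbox at all?
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# WHOIS contact fields ACM reads (registrant, admin, tech).
CONTACT_FIELDS = ("Registrant Email", "Admin Email", "Tech Email")

# Five mailbox names ACM always adds to the WHOIS contacts (ACM email-validation docs).
ACM_COMMON_MAILBOXES = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")

# Constructed sample: registrar privacy on, contact fields carry a URL, not an address.
SAMPLE_WHOIS_PRIVACY_ON = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, LLC
Registrant Email: Select Contact Domain Holder link at https://registrar.example/whois?domain=example.com
Admin Email: Select Contact Domain Holder link at https://registrar.example/whois?domain=example.com
Tech Email: Select Contact Domain Holder link at https://registrar.example/whois?domain=example.com
"""

# Constructed sample: the older proxy format the post mentions, which still forwards mail.
SAMPLE_WHOIS_PROXY_ADDRESS = """\
Domain Name: EXAMPLE.COM
Registrant Email: example.com@domainsbyproxy.com
Admin Email: example.com@domainsbyproxy.com
Tech Email: example.com@domainsbyproxy.com
"""


def whois_contact_emails(whois_text):
    """Return {field: raw value} for the contact e-mail fields present in WHOIS text."""
    found = {}
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in CONTACT_FIELDS:
            found[key.strip()] = value.strip()
    return found


def usable_whois_emails(whois_text):
    """Only the contact values that are real addresses, not a URL placeholder."""
    return {k: v for k, v in whois_contact_emails(whois_text).items() if EMAIL_RE.match(v)}


def acm_email_targets(domain, whois_text):
    """Addresses ACM will mail for `domain`: usable WHOIS contacts plus the common mailboxes."""
    targets = sorted(set(usable_whois_emails(whois_text).values()))
    targets += [f"{name}@{domain}" for name in ACM_COMMON_MAILBOXES]
    return targets


def email_validation_can_reach_owner(domain, whois_text, owner_mailboxes):
    """True if at least one ACM target is a mailbox the domain owner actually reads."""
    owned = {m.lower() for m in owner_mailboxes}
    return any(t.lower() in owned for t in acm_email_targets(domain, whois_text))


if __name__ == "__main__":
    for label, text in (("privacy on", SAMPLE_WHOIS_PRIVACY_ON),
                        ("proxy address", SAMPLE_WHOIS_PROXY_ADDRESS)):
        print(label, "->", acm_email_targets("example.com", text))
```

With privacy on, the only remaining targets are the five fixed mailboxes at the domain itself, so email validation works only if one of those mailboxes exists and is read; otherwise the resend will go nowhere, which matches the behaviour reported above.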

1 Answer
0

Aside from the email delivery issue you highlighted, email-validated ACM certificates require manual intervention to get them renewed. This is why the AWS-recommended validation method is DNS validation [1].

With DNS validation, you don't have to worry about emails being delivered or not. All you need to do is insert a validation CNAME provided by ACM into your DNS database, and the certificate will be validated and automatically renewed as long as it is in use [2] (i.e., associated with one of the supported services) and all the other conditions stated here [3] are met.

[1] DNS validation https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html

[2] Services integrated with AWS Certificate Manager https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html

[3] Managed renewal for ACM certificates https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html

AWS
answered 2 years ago
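The CNAME step described in the answer, as an added example that is not part of the original answer or of any AWS tooling: it takes the shape of an `aws acm describe-certificate` response, collects the unique validation records (an apex name and its wildcard share one record, so they must be deduplicated before writing), builds an idempotent UPSERT ChangeBatch for `aws route53 change-resource-record-sets`, and checks via an injected resolver that the published CNAME matches what ACM expects. The `renewal_ready` check reflects the conditions the answer names (records in place and the certificate in use). The response below is constructed sample data with placeholder ARN, record names and values; `resolve_cname` is an assumed callback so the check runs offline.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate --certificate-arn ...`
# output for a DNS-validated certificate covering the apex and a wildcard. Values are
# placeholders, not real ACM data.
SAMPLE_DESCRIBE = {
    "Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/11111111-2222-3333-4444-555555555555",
        "DomainName": "example.com",
        "SubjectAlternativeNames": ["example.com", "*.example.com"],
        "InUseBy": [],
        "DomainValidationOptions": [
            {"DomainName": "example.com", "ValidationMethod": "DNS",
             "ResourceRecord": {"Name": "_abc123.example.com.", "Type": "CNAME",
                                "Value": "_def456.acm-validations.aws."}},
            {"DomainName": "*.example.com", "ValidationMethod": "DNS",
             "ResourceRecord": {"Name": "_abc123.example.com.", "Type": "CNAME",
                                "Value": "_def456.acm-validations.aws."}},
        ],
    }
}


def validation_records(describe_response):
    """Unique validation records ACM asks for; the apex and wildcard entries collapse to one."""
    seen, records = set(), []
    for opt in describe_response["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or not rr:
            continue
        key = (rr["Name"].lower(), rr["Type"], rr["Value"].lower())
        if key not in seen:
            seen.add(key)
            records.append(rr)
    return records


def route53_change_batch(describe_response, ttl=300):
    """ChangeBatch for `aws route53 change-resource-record-sets`; UPSERT makes re-runs safe."""
    return {
        "Comment": "ACM DNS validation records",
        "Changes": [
            {"Action": "UPSERT",
             "ResourceRecordSet": {"Name": rr["Name"], "Type": rr["Type"], "TTL": ttl,
                                   "ResourceRecords": [{"Value": rr["Value"]}]}}
            for rr in validation_records(describe_response)
        ],
    }


def _norm(name):
    # Compare DNS names case-insensitively and ignore the trailing dot.
    return name.rstrip(".").lower() if name else name


def missing_records(describe_response, resolve_cname):
    """Names whose published CNAME target does not match ACM's expected value.

    resolve_cname(name) is an assumed callback returning the CNAME target or None.
    """
    return [rr["Name"] for rr in validation_records(describe_response)
            if _norm(resolve_cname(rr["Name"])) != _norm(rr["Value"])]


def renewal_ready(describe_response, resolve_cname):
    """Conditions the answer names: validation records present and certificate in use."""
    cert = describe_response["Certificate"]
    return not missing_records(describe_response, resolve_cname) and bool(cert.get("InUseBy"))


if __name__ == "__main__":
    # Pipe this JSON into: aws route53 change-resource-record-sets --hosted-zone-id Z... --change-batch file://batch.json
    print(json.dumps(route53_change_batch(SAMPLE_DESCRIBE), indent=2))
```

Run the change batch once per hosted zone; because the action is UPSERT, re-running it after ACM reissues the same record on renewal is harmless. Pass a real resolver (for example one that wraps `dig +short CNAME <name>`) to `missing_records` to confirm the record is visible from the public internet before expecting ACM to pick it up.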
