Details are here https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
In short, to prove you own the domain that the certificate is being issued for, ACM will request that you create a CNAME record name that's a random string like _a79865eb4cd1a6ab990a45779b4e0b96.[your_domain].com. with a record value of _424c7224e9b0146f9a8808af955727d0.acm-validations.aws.
If Route 53 is your registrar then this can all be done automatically (you might need to click a few times in the AWS Console when it's first set up). If you're using a third-party registrar then the new DNS records need to be added on that side. AWS can't do that; you need to do that yourself, or ask your registrar to do it.
You can verify the records are there by using tools like nslookup or dig on the command line, and also https://toolbox.googleapps.com/apps/dig/
Common problems and troubleshooting steps are here https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-DNS-validation.html
First, you may check with nslookup whether the DNS entries are proper, and whether you have included the ACM DNS record value with the first underscore _. Can you mention where you have purchased your domain? Some domain providers have proxy enabled. Once you validate the DNS record properly, it should get validated in ACM and be eligible for auto-renewal.
If you uploaded the SSL certificate manually, it won't auto-renew.
If you still face the issue, check once with your domain provider's support or AWS Support.
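The dig check both answers mention can be scripted so the result is classified instead of read by eye. This is an added example, not part of either answer or of AWS's tooling: the function names are hypothetical, `example.com` is a placeholder domain, and the record strings are the sample values quoted in the first answer.

```shell
#!/usr/bin/env bash
# Added example: compare the CNAME a resolver returns with the value ACM asked for.

# Lowercase and strip one trailing dot so "X.aws." and "x.aws" compare equal.
normalize() {
  printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# classify_answer EXPECTED_VALUE ANSWER
# ANSWER is what `dig +short CNAME <record name>` printed (may be empty).
classify_answer() {
  local expected answer
  expected=$(normalize "$1")
  answer=$(normalize "$2")
  if [ -z "$answer" ]; then
    echo "MISSING"          # no CNAME visible at that name
  elif [ "$answer" = "$expected" ]; then
    echo "OK"               # record matches what ACM requested
  elif [ "_$answer" = "$expected" ]; then
    echo "NO_UNDERSCORE"    # value was saved without its leading underscore
  else
    echo "MISMATCH"         # a CNAME exists but points somewhere else
  fi
}

# check_record RECORD_NAME EXPECTED_VALUE
# Queries public DNS (needs network access and dig) and prints the verdict.
check_record() {
  local name="$1" expected="$2" answer
  answer=$(dig +short CNAME "$name" | head -n1)
  echo "$name -> ${answer:-<none>}: $(classify_answer "$expected" "$answer")"
}

# Usage, with the sample strings from the answer and a placeholder domain:
# check_record _a79865eb4cd1a6ab990a45779b4e0b96.example.com. \
#              _424c7224e9b0146f9a8808af955727d0.acm-validations.aws.
```

A `MISSING` result from a public resolver means the record was never created at the DNS provider or is not being served as a plain CNAME; copy the name and value from the ACM console rather than retyping them.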