ACM was unable to renew the certificate automatically

0

I have a issued certificate. I recently received email from Amazon that contained 'AWS Certificate Manager (ACM) was unable to renew the certificate automatically using DNS validation. You must take action to ensure that the renewal can be completed. If the certificate is not renewed and the current certificate expires, your website or application may become unreachable.' Verified that all correct CNAME records are present in the DNS configuration for each of the two domains on the cert. But certificate renewal status is pending. It couldn't renew. I can't find any information on how to. How am i solve this problem?

Ennur
asked a year ago531 views
2 Answers
0

Details are here https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html

In short, to prove you own the domain that the certifcate is being issued for, ACM will request that you create a CNAME record name that's a random string like _a79865eb4cd1a6ab990a45779b4e0b96.[your_domain].com. with a record value of _424c7224e9b0146f9a8808af955727d0.acm-validations.aws.

If Route 53 is your registrar then this can all be done automatically (you might need to click a few times in the AWS Console when it's first setup). If you're using a third-party registrar then the new DNS records need to be added on that side. AWS can't do that, you need to do that yourself, or ask you registrar to do it.

You can verify the records are there by using tools like nslookup or dig on the command line, and also https://toolbox.googleapps.com/apps/dig/

Common problems and troubleshooting steps are here https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-DNS-validation.html

profile picture
EXPERT
Steve_M
answered a year ago
0

1st you may check nslookup if the DNS entries are proper. If you have included the ACM DNS record value with 1st underscore _. Can you mention where you have purchased your domain. Some domain providers has Proxy enabled, Once you validate the DNS record properly, it should get validated in ACM and able for auto-renewal.

If you uploaded the SSL manually, it wont auto-renew.

If you still face the issue, check once with you domain provider support/ AWS Support.

answered a year ago
profile picture
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions