By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

SSL creation require additional verification to request a certificate for one or more domain names in this request. (.ru domain zone)

0

SSL creation require additional verification to request a certificate for one or more domain names in request. (.ru domain zone)

The error says write on the forum if I don't have a support plan. One of my projects has already been disabled and one of these days the most critical second project will be disabled. If I need to provide additional information about myself, how do I do it? In all documentation it is written that when using R53 + amplify, everything is done automatically.

Topics
Networking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon Route 53AWS Certificate Manager
Language
English
Sliding
asked 2 years ago599 views
2 Answers
1
Accepted Answer

Hi There,

I understand that you are getting an error "Additional verification required to request certificates for one or more domain names in this request." (.ru domain zone) when validating the domain name to issue the public certificate via ACM.

Please note this error could be the results of one of two things.

  1. When the certificate contains a domain that ranks within the Alexa top 1000 websites.[1]

  2. Or as of March 10, 2022 ACM has restrictions to issue new certificates for ".ru" domains until further notice.

I see in your case you will no longer be able to issue or renew certificates as your domain falls under the following domains.

  • .RU
  • .BY
  • Бел - Belarus
  • Рф - Russian Federation
  • .moscow
  • .москва - Moscow
  • .SU - Soviet Union
  • (http://ru.com/) .RU.COM
  • .РУС
  • .RU.NET

All Amazon certificates for these domains will remain functional until expiration, but will not be renewable and no new certificates from these domains will be issued.

The only workaround that would work in your scenario would be to obtain a certificate from a third party that can issue a certificate for your domain, and import the certificate into ACM [2]

I trust the above information is helpful to you.

References: ==============

[1] https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html#failed-additional-verification-required

[2] https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html

Please note that I personally value your feedback, please accept this answer if you find it helpful to you.

Mfanelo
answered 2 years ago
0

To create a certificate for a domain, the domain must be verified as being owned by you. Ideally this is via DNS validation, where you write a CNAME record to your DNS configuration to establish you have control of your domain name. ACM (Certificate Manager) can update your DNS configuration for you if you manage your DNS records with Amazon Route 53. After you have configured the CNAME record, ACM can automatically renew DNS-validated certificates before they expire. Another option is email validation where ACM sends email to the domain's contact addresses and five common administrative addresses for the domain, i.e.

administrator@your_domain_name

hostmaster@your_domain_name

postmaster@your_domain_name

webmaster@your_domain_name

admin@your_domain_name

Someone must receive that email and click on the link in order to verify the domain.

EXPERT
skinsman
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content