Hello.
If you receive that message, it may work if you delete the ACM verification DNS record and then register it again.
https://repost.aws/knowledge-center/certificate-fails-to-auto-renew
Validate that your CNAME validation record is resolvable by using a tool like dig or nslookup or similar to resolve it. A correctly working CNAME should be resolvable as follows from any computer on the Internet. In this case, I am looking up the CNAME _e5f000fdaea220228e420f2b5256e43f.example.com. (Note, this is a fictitious example, you need to use your own CNAME here).
% dig _e5f000fdaea220228e420f2b5256e43f.example.com.
; <<>> DiG 9.10.6 <<>> _e5f000fdaea220228e420f2b5256xxx.swyd.ca.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11832
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_e5f000fdaea220228e420f2b5256xxx.example.com. IN A
;; ANSWER SECTION:
_e5f000fdaea220228e420f2b5256xxx.swyd.ca. 300 IN CNAME _aba7aefb0cab414f85c552723a7dxxx.gbwdrhjxvn.acm-validations.aws.
;; AUTHORITY SECTION:
gbwdrhjxvn.acm-validations.aws. 900 IN SOA ns-94.awsdns-11.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
If it is not resolvable, or it does not return the CNAME value specified on the Domains section of the Certificate Status page, then you need to identify where your DNS needs to be updated. Note that DNS TTLs can affect how much time you have to wait for a record to be correctly present on the Internet.
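Added example, not part of the original answer and not AWS code: a shell function that reads dig output and applies the check described above, telling apart "record not resolvable" from "record resolves but does not match the value ACM shows". The function names, return codes and sample record names are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Real use:  dig CNAME "$name" | acm_cname_check "$name" "$expected"
# where $expected is the CNAME value shown for the domain in the ACM console.

# Lower-case a DNS name and drop the trailing root dot so names compare equal.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Reads dig output on stdin.
# Returns 0 = record matches, 1 = CNAME present but wrong target,
#         2 = no CNAME answer for the name (NXDOMAIN, empty answer, wrong owner).
acm_cname_check() {
  local name expected target
  name=$(norm "$1"); expected=$(norm "$2")
  # Answer lines look like: owner TTL IN CNAME target. dig comments start with ';'.
  target=$(awk -v n="$name" '
    /^;/ || NF < 5 { next }
    { o = tolower($1); sub(/\.$/, "", o) }
    o == n && $3 == "IN" && $4 == "CNAME" { print $5; exit }')
  if [ -z "$target" ]; then
    echo "no CNAME answer for $name"; return 2
  fi
  target=$(norm "$target")
  if [ "$target" != "$expected" ]; then
    echo "CNAME points to $target, ACM expects $expected"; return 1
  fi
  echo "OK: $name -> $target"; return 0
}

# Constructed sample dig output (fictitious names), so the check runs offline.
SAMPLE_ANSWER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; QUESTION SECTION:
;_0123abcd.example.com. IN CNAME
;; ANSWER SECTION:
_0123abcd.example.com. 300 IN CNAME _4567ef01.abcdefghij.acm-validations.aws.'

SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; QUESTION SECTION:
;_0123abcd.example.com. IN CNAME'

# Demo on the constructed sample; prints the OK line.
printf '%s\n' "$SAMPLE_ANSWER" |
  acm_cname_check _0123abcd.example.com _4567ef01.abcdefghij.acm-validations.aws.
```

Running the real query against more than one resolver helps separate a record that is missing at the authoritative DNS from one that is only waiting on a TTL.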
Thank you for the answer, but unfortunately I did try with nslookup -type=CNAME _aasd2123.example.com and it does give the info regarding DNS
Thank you for the answer, but unfortunately it doesn't work
If I create the domain for verification again in ACM and re-register it, will it be updated?
Not sure what exactly you meant in your last comment, but I removed the CNAME from the DNS and added it again, but the issue still persists