The authoritative nameservers for gorillabricc.com are managed by NameCheap. The authoritative nameservers for www.gorillabricc.com are set to Route53. If you issued a cert for the apex domain (no 'www'), then that would explain the validation issue. Setting Route53 nameservers as authoritative can be accomplished by using the "custom DNS" option in NameCheap.
https://www.namecheap.com/support/knowledgebase/article.aspx/767/10/how-to-change-dns-for-a-domain/
See this re:Post article for further info: https://repost.aws/knowledge-center/route-53-validate-acm-certificates
A similar issue was described here: https://repost.aws/questions/QU9fQaXP-JT3CxrJkTiYtCoA/acm-certificate-stuck-in-pending-validation-status-despite-correct-dns-cname-record-in-route-53
When an ACM certificate is stuck in "Pending validation" status despite having the correct CNAME records, there are several potential causes to investigate:
- Validation Timeout: If validation doesn't complete within 72 hours, ACM changes the certificate status to "Validation timed out." Since you've waited over 96 hours, you may need to delete the failed request and create a new one.
- DNS Configuration Issues: Check for these common problems:
  - Ensure there are no Certification Authority Authorization (CAA) records blocking certificate issuance for your domain
  - Verify that all domains in your certificate request (both gorillabricc.com and www.gorillabricc.com) have their respective CNAME validation records properly set up
  - Check for NS record conflicts - having both NS records and CNAME records for the same name can create DNS resolution conflicts
- Nameserver Configuration: Verify that your domain is using the correct nameservers. One common issue is when the nameservers configured at your domain registrar don't match the nameservers shown in your Route 53 hosted zone.
- Region Verification: Confirm that the certificate is being requested in the correct region (us-east-1) for CloudFront usage.
Unfortunately, there's no way to force ACM to re-check validation. At this point, since you've exceeded the 72-hour validation window, your best option is to:
- Delete the pending certificate request
- Create a new certificate request
- Add the new CNAME validation records
- Verify DNS resolution with nslookup or dig before proceeding
If the issue persists with a new certificate request, you may want to contact AWS Support for further assistance.
Sources
ACM certificate stuck in “Pending validation” status despite correct DNS CNAME record in Route 53 | AWS re:Post
Troubleshoot DNS validation problems - AWS Certificate Manager
AWS Certificate Manager DNS validation - AWS Certificate Manager
ACM Certificate Validation Pending indefinitely | AWS re:Post
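The nameserver and CNAME checks discussed in the answers above, as an added example that is not part of the original posts: it parses `nslookup` output, compares the nameservers resolvers actually see with the hosted zone's NS set, and confirms the validation CNAME target. The domain, record names, hosted zone nameservers and function names are constructed for illustration.

```python
import re

# Route 53 nameservers are named ns-<n>.awsdns-<n>.{com,net,org,co.uk}
ROUTE53_NS = re.compile(r"^ns-\d+\.awsdns-\d+\.(com|net|org|co\.uk)$")

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_records(nslookup_output, label):
    """Return the values of '<name> <label> = <value>' lines in nslookup output."""
    pattern = re.compile(r"\s" + re.escape(label) + r"\s*=\s*(\S+)")
    return [_norm(m.group(1)) for m in pattern.finditer(nslookup_output)]

def check_delegation(ns_output, hosted_zone_ns):
    """Compare the NS set public resolvers return with the hosted zone's NS set."""
    seen = set(parse_records(ns_output, "nameserver"))
    expected = {_norm(n) for n in hosted_zone_ns}
    return {
        "seen": sorted(seen),
        "route53_delegated": bool(seen) and all(ROUTE53_NS.match(n) for n in seen),
        "matches_hosted_zone": seen == expected,
    }

def check_validation_cname(cname_output, expected_target):
    """True if the public CNAME answer equals the target shown in the ACM console."""
    return _norm(expected_target) in parse_records(cname_output, "canonical name")

# Constructed sample input (not real records)
SAMPLE_NS = """\
Non-authoritative answer:
example.com     nameserver = dns1.registrar-servers.com
example.com     nameserver = dns2.registrar-servers.com
"""
SAMPLE_CNAME = """\
Non-authoritative answer:
_abc123.example.com     canonical name = _def456.xyz.acm-validations.aws
"""
HOSTED_ZONE_NS = ["ns-101.awsdns-12.com.", "ns-702.awsdns-23.net.",
                  "ns-1202.awsdns-22.org.", "ns-1901.awsdns-45.co.uk."]

if __name__ == "__main__":
    print(check_delegation(SAMPLE_NS, HOSTED_ZONE_NS))
    print(check_validation_cname(SAMPLE_CNAME, "_def456.xyz.acm-validations.aws."))
```

When `matches_hosted_zone` is false, records created only in the Route 53 hosted zone are not the ones public resolvers return, so the validation CNAME has to exist wherever the registrar's delegation actually points.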

But ........ ?????????????????????
```
nslookup -type=NS gorillabricc.com
Server: Unknown
Address: 10.0.0.1

Non-authoritative answer:
gorillabricc.com nameserver = dns2.registrar-servers.com
gorillabricc.com nameserver = dns1.registrar-servers.com

dns1.registrar-servers.com internet address = 156.154.132.200
dns2.registrar-servers.com internet address = 156.154.133.200
dns1.registrar-servers.com AAAA IPv6 address = 2610:a1:1024::200
dns2.registrar-servers.com AAAA IPv6 address = 2610:a1:1025::200

C:\Windows\System32>nslookup -type=CNAME _dab198a57c83319fc2f5126b9d09c5b.gorillabricc.com
Server: Unknown
Address: 10.0.0.1

Non-authoritative answer:
_dab198a57c83319fc2f5126b9d09c5b.gorillabricc.com canonical name = _e873c6f40e6b466d7ee863458f42c020.xlfgmrwvlj.acm-validations.aws

C:\Windows\System32>nslookup -type=CNAME _51fd6471df7afa8dbb7172a93bb573c.www.gorillabricc.com
Server: Unknown
Address: 10.0.0.1

Non-authoritative answer:
_51fd6471df7afa8dbb7172a93bb573c.www.gorillabricc.com canonical name = _15ed08c2f2fb76bef1b6523c5529d01.xlfgmrwvlj.acm-validations.aws
```