DNS verification for SSL/TLS certificate is failing

0

I have a multi-domain certificate in ACM. It was expired and renewal was failing since DNS verification was failing for one of the domains. I have already added the CNAME records in Route 53 under the domain. Is there any way to debug the issue and find the root cause?

2 Answers
1

DNS debugging generally is a straightforward process:

  • DNS changes can take some time to propagate globally. You can use online tools such as DNS Checker or Google's Dig tool to check DNS propagation. You might want to wait a few hours (or up to 48 hours in some cases) before confirming that the CNAME record has not propagated.
  • In AWS Certificate Manager, check the status of the domain validation. You should see 'pending validation' or 'failed'. If it's still 'pending', you may need to wait for a while. If it has failed, it should provide some information or hints about what went wrong.
  • Try setting the TTL value of the CNAME record to a lower value, like 300 seconds (5 minutes). This can sometimes help speed up propagation. Be aware that this will not help if the record has already propagated with a longer TTL value.
  • Using the AWS CLI or SDKs, call the describe-certificate command to get more detailed information about the status of the certificate and the validation process.
  • Local DNS caching can cause issues. If you recently changed DNS settings and have old DNS data cached locally, you might not be seeing the latest information. You can flush DNS cache in your local system to see the latest information.
EXPERT
answered a year ago
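
An added example, not part of either answer and not AWS code: it takes JSON in the shape returned by `describe-certificate` and reports, per domain, whether the CNAME that ACM expects is what DNS actually serves. The certificate data and DNS answers are constructed, and `check_validation`, `dig_cname` and `norm` are hypothetical helper names.

```python
import subprocess

# Constructed sample in the shape of `aws acm describe-certificate` output.
SAMPLE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationStatus": "SUCCESS",
     "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                        "Value": "_bbb222.acm-validations.aws."}},
    {"DomainName": "shop.example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_ccc333.shop.example.com.", "Type": "CNAME",
                        "Value": "_ddd444.acm-validations.aws."}},
    {"DomainName": "api.example.com", "ValidationStatus": "FAILED",
     "ResourceRecord": {"Name": "_eee555.api.example.com.", "Type": "CNAME",
                        "Value": "_fff666.acm-validations.aws."}},
]}}

def dig_cname(name):
    """Live lookup with dig (must be installed); returns the CNAME targets."""
    out = subprocess.run(["dig", "+short", "CNAME", name],
                         capture_output=True, text=True, timeout=10).stdout
    return out.split()

def norm(name):
    # DNS names are case-insensitive; ignore the trailing root dot.
    return name.strip().rstrip(".").lower()

def check_validation(cert, lookup=dig_cname):
    """Return (domain, ACM status, DNS result) for every domain on the certificate."""
    report = []
    for opt in cert["Certificate"]["DomainValidationOptions"]:
        status = opt.get("ValidationStatus")
        rr = opt.get("ResourceRecord")
        if not rr:  # no DNS record listed for this domain in the ACM output
            report.append((opt["DomainName"], status, "NO_RECORD_IN_ACM"))
            continue
        answers = [norm(a) for a in lookup(rr["Name"])]
        if not answers:
            dns = "MISSING"      # nothing published at the expected name
        elif norm(rr["Value"]) in answers:
            dns = "MATCH"        # record is live and points where ACM expects
        else:
            dns = "MISMATCH"     # record exists but has a different target
        report.append((opt["DomainName"], status, dns))
    return report

if __name__ == "__main__":
    # Constructed resolver answers standing in for real DNS.
    fake = {"_aaa111.example.com": ["_bbb222.acm-validations.aws."],
            "_eee555.api.example.com": ["wrong-target.example.net."]}
    for row in check_validation(SAMPLE, lambda n: fake.get(norm(n), [])):
        print(*row, sep="\t")
```

To run it against a real certificate, load the saved output of `aws acm describe-certificate --certificate-arn <your-arn>` with `json.load` and call `check_validation` with the default `dig_cname` lookup.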
0

As described in this document, I think you need to re-register the CNAME record for verification first.
https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-renewal.html

Possible causes include the FQDN not resolving to a name or the certificate not being used.

EXPERT
answered a year ago
