DNS verification for SSL/TLS certificate is failing

DNS debugging generally is a straightforward process

• DNS changes can take some time to propagate globally. You can use online tools such as DNS Checker or Google's Dig tool to check DNS propagation. You might want to wait a few hours (or up to 48 hours in some cases) before confirming that the CNAME record has not propagated.
• In AWS Certificate Manager, check the status of the domain validation. You should see 'pending validation' or 'failed'. If it's still 'pending', you may need to wait for a while. If it has failed, it should provide some information or hints about what went wrong.
• Try setting the TTL value of the CNAME record to a lower value, like 300 seconds (5 minutes). This can sometimes help speed up propagation. Be aware that this will not help if the record has already propagated with a longer TTL value.
• Using the AWS CLI or SDKs, call the describe-certificate command to get more detailed information about the status of the certificate and the validation process.
• Local DNS caching can cause issues. If you recently changed DNS settings and have old DNS data cached locally, you might not be seeing the latest information. You can flush DNS cache in your local system to see the latest information.

As described in this document, I think you need to re-register the CNAME record for verification first.
https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-renewal.html

Possible causes include the FQDN not resolving to a name or the certificate not being used.