Can you validate an ACM public certificate using a domain record in a Route 53 private hosted zone?

Question

I'm trying to create an ACM public certificate and then validate it using a domain record in a Route 53 private hosted zone, but the setup isn't working. I don't see an option to specify the private hosted zone ID in the validation request. Is it possible to validate an ACM public certificate using a domain record in a Route 53 private hosted zone?

Accepted Answer

It's not possible to validate an ACM public certificate using a domain record in a Route 53 private hosted zone.

When you request an ACM public certificate using DNS validation, ACM provides a CNAME record that you must add to your DNS configuration to validate your ownership of the domain. Because anyone can create a private DNS zone and put records on it under any domain name, being able to make a change in a private DNS zone doesn't prove public ownership of the domain.

For more information on DNS validation, see [DNS validation](https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html) in the ACM user guide.

Can you validate an ACM public certificate using a domain record in a Route 53 private hosted zone?

相關內容