If you get AWS Certificate Manager to create the TXT record in Route 53 then it should be very quick.
Did you click on Create record in Route 53 when creating the certificate?
DNS validation for SSL certificates typically doesn’t take long, but there are a few factors to consider:
Initial Validation: When you request an SSL certificate through AWS Certificate Manager (ACM), you can choose DNS validation. ACM provides you with one or more CNAME records that you need to add to your DNS provider’s database. These records serve as proof that you control the domain. After adding the CNAME records, ACM validates your domain ownership. The process usually completes quickly, but your new certificate might continue to display a status of “Pending validation” for up to 30 minutes.
Propagation Time: The time it takes for DNS records to propagate depends on your DNS provider. If you use Amazon Route 53 to manage your public DNS records (which is recommended), ACM automatically creates the necessary CNAME records for you. In this case, the propagation time is minimal. If you’re not using Route 53, you’ll need to manually enter the CNAME records provided by ACM into your provider’s database. Give it about 10 minutes for the changes to propagate.
Validation Timeout: If your certificate hasn’t been validated within 72 hours, it will receive a status of "Validation time out".
Remember to check your certificate status periodically, and once it’s validated, you’ll have a secure SSL certificate for your domain!
I am with you on creating a CNAME record in your DNS provider that establishes that you are the owner. However, one can choose to use Route 53 for their DNS zone record; here you create your hosted zone and get name server info from AWS. I am assuming one has to populate the AWS name servers in your DNS provider, and by doing that you prove your ownership. Hence, when it comes to requesting the certificate, you can simply add CNAMEs to Route 53 and do DNS validation quickly (as you have proved your ownership in the previous step). Please let me know if my understanding is correct.
I did, yes. I don't have much experience with it, but when I have done it in the past it did not take this long. I thought maybe, since the previous SSL did not renew and was expired, there may have been another issue that was preventing the new SSL from being validated within the same domain.
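A triage sketch for the "Pending validation" state discussed in the answers above, added here as an example (not code from the thread or from AWS): it reads a response shaped like `aws acm describe-certificate` output, reports which validation CNAMEs are missing or wrong in DNS, and how many hours remain before the 72-hour timeout. The sample response, the record names and the `lookup_cname` resolver hook are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

VALIDATION_WINDOW = timedelta(hours=72)  # timeout stated in the answer above

# Constructed sample shaped like `aws acm describe-certificate --output json`.
SAMPLE = {"Certificate": {"Status": "PENDING_VALIDATION",
    "CreatedAt": "2024-05-01T10:00:00+00:00",
    "DomainValidationOptions": [
        {"DomainName": "example.com", "ValidationStatus": "SUCCESS",
         "ResourceRecord": {"Name": "_aaa.example.com.", "Type": "CNAME",
                            "Value": "_bbb.acm-validations.aws."}},
        {"DomainName": "www.example.com", "ValidationStatus": "PENDING_VALIDATION",
         "ResourceRecord": {"Name": "_ccc.www.example.com.", "Type": "CNAME",
                            "Value": "_ddd.acm-validations.aws."}}]}}

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing dot."""
    return name.rstrip(".").lower()

def triage(response, lookup_cname, now):
    """Return (hours_left, [(domain, state)]); lookup_cname(name) -> target or None."""
    cert = response["Certificate"]
    created = datetime.fromisoformat(cert["CreatedAt"])
    hours_left = (created + VALIDATION_WINDOW - now) / timedelta(hours=1)
    findings = []
    for opt in cert.get("DomainValidationOptions", []):
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationStatus") == "SUCCESS" or rr is None:
            continue  # already validated, or ACM has not issued the record yet
        seen = lookup_cname(rr["Name"])
        state = ("missing" if seen is None else
                 "published" if norm(seen) == norm(rr["Value"]) else "mismatch")
        findings.append((opt["DomainName"], state))
    return hours_left, findings

# Constructed resolver answers standing in for real CNAME queries (offline).
DNS = {"_aaa.example.com": "_bbb.acm-validations.aws."}
NOW = datetime(2024, 5, 2, 10, 0, tzinfo=timezone.utc)
if __name__ == "__main__":
    print(triage(SAMPLE, lambda n: DNS.get(norm(n)), NOW))
```

A `published` finding means the expected CNAME is visible to the resolver and ACM simply has not re-checked yet; `missing` or `mismatch` points at the DNS zone rather than at ACM.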