Amazon requires a CNAME that includes the domain - Cloudfront truncates it


#1

I’m trying to validate with AWS Lightsail Load Balancer that I own a domain in order to create an SSL certificate.

AWS gives me the following entries to add to DNS to prove ownership:

Name: _8cxxxxxxxxxxxxxxxxxxxxxxxxxx.mydomain.com

Value: _6fxxxxxxxxxxxxxxxx.xxxxxxxxxxx.acm-validations.aws

Unfortunately, Cloudfront is dropping my domain name from the name suffix.

_8cxxxxxxxxxxxxxxxxxxxxxxxxxx.mydomain.com

is saved as

_8cxxxxxxxxxxxxxxxxxxxxxxxxxx

This is preventing me from being able to prove the domain is mine, and using a CNAME is the only method Amazon provide.

Is there a way to get Cloudfront to store the full name I enter without dropping the “.mydomain.com” from the end of the CNAME name?


#2

The record _8cx exists in your zone in Cloudflare and a DNS lookup for it resolves and returns the value you specified in the Cloudflare control panel.


#3

Thanks. I went to delete and recreate one of the records - on clicking the X delete button, the popup confirmation message “Are you sure you want to delete the CNAME Record?” shows the complete CNAME - it appears it is just the Name column on the DNS Records page truncating it for display. Twas a tad confusing.

My current issue is that the CNAME records are not showing up externally yet - waiting for DNS changes to propagate I guess. I’ve disabled flattening and have set the cloud to grey to ensure that Cloudfront is only DNS hosting these records, and not obfuscating them by acting as an HTTP Proxy.
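The display behaviour that resolved this thread, as an added example that is not part of the original posts: a DNS records page may show only the label relative to the zone, while the stored record is the full name. The sketch below expands displayed names back to absolute names and checks the validation CNAME against what AWS asked for. The zone `example.com`, the tokens, the record tuples and both function names are constructed for illustration.

```python
def to_fqdn(name, origin):
    """Expand a name as typed or displayed in a zone to an absolute DNS name."""
    origin = origin.rstrip(".").lower()
    name = name.strip().lower()
    if name.endswith("."):                      # already absolute
        return name
    if name in ("", "@"):                       # zone apex
        return origin + "."
    if name == origin or name.endswith("." + origin):
        return name + "."                       # full name was entered
    return name + "." + origin + "."            # relative label, origin implied


def check_validation_cname(required_name, required_value, records, origin):
    """records: (displayed_name, type, value, proxied) tuples from the zone."""
    want_name = to_fqdn(required_name, origin)
    want_value = required_value.rstrip(".").lower()
    for name, rtype, value, proxied in records:
        if rtype.upper() != "CNAME" or to_fqdn(name, origin) != want_name:
            continue
        if value.rstrip(".").lower() != want_value:
            return "wrong-value"
        # The thread's author set the record to DNS-only (grey cloud);
        # a proxied record is reported separately for that reason.
        return "proxied" if proxied else "ok"
    return "missing"


# Constructed sample data, not values from the thread.
ORIGIN = "example.com"
REQUIRED_NAME = "_8cexampletoken.example.com"
REQUIRED_VALUE = "_6fexampletoken.constructed.acm-validations.aws"
ZONE = [
    ("www", "CNAME", "example.com", True),
    # Shown in the records list as the bare label, as described in post #3.
    ("_8cexampletoken", "CNAME",
     "_6fexampletoken.constructed.acm-validations.aws.", False),
]

if __name__ == "__main__":
    print(check_validation_cname(REQUIRED_NAME, REQUIRED_VALUE, ZONE, ORIGIN))
```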