AWS (ACM) certificate failed to verify CNAME DNS record


My AWS (ACM) (public) certificates keep failing verification using CNAME DNS records. This was working just fine up till the previous cert expired. When adding a new certificate, it keeps failing for a subdomain I am using to serve assets via AWS CloudFront/S3. This same verification issue is appearing on another subdomain I have from someone else’s AWS account for a different service.

To confirm, these records have proxy set to “Off” - it won’t allow me to set to “On” in any case because these records all start with an underscore “_”.

Is CNAME flattening enabled?

  • If a CNAME target is being used to verify a domain for a third-party service, enabling the Flatten all CNAMEs setting may cause that functionality to work incorrectly since the CNAME record itself will not be returned directly.

Go to https://dash.cloudflare.com/?to=/:account/:zone/dns/settings and make sure “CNAME flattening” is set to “Flatten CNAME at apex”

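An added example, not part of the original thread: a shell check that reads `dig +noall +answer` output and reports whether the validation name is answered with a CNAME, which is what the flattening setting above can prevent. The hostnames and tokens are constructed placeholders, and the `.acm-validations.aws` target suffix is an assumption about what ACM issued for the record.

```shell
#!/usr/bin/env bash
# Classify a DNS answer for an ACM validation name.
# Live use: dig +noall +answer "$name" CNAME | classify_validation "$name"
# Input lines use dig's answer format: name ttl class type rdata
classify_validation() {
  awk -v want="$1" '
    BEGIN { want = tolower(want); sub(/\.$/, "", want); verdict = "no-cname" }
    /^[ \t]*(;|$)/ { next }                  # skip dig comments and blank lines
    {
      name = tolower($1); sub(/\.$/, "", name)
      if (name != want) next                 # ignore records for other names
      type = toupper($4); target = tolower($5)
      if (type == "CNAME") {
        seen_cname = 1
        # Assumed ACM target suffix; anything else is a stale or mistyped value
        verdict = (target ~ /\.acm-validations\.aws\.?$/) ? "ok" : "wrong-target"
      } else if ((type == "A" || type == "AAAA") && !seen_cname) {
        # Addresses under the validation name mean the CNAME itself was not
        # returned (flattened or proxied), so the validator cannot see it
        verdict = "address-only"
      }
    }
    END { print verdict }
  '
}

# Constructed sample answers (placeholders, not real validation tokens)
NAME="_token1placeholder.assets.example.com"
SAMPLE_OK="_token1placeholder.assets.example.com. 300 IN CNAME _token2placeholder.abcdefgh.acm-validations.aws."
SAMPLE_FLAT="_token1placeholder.assets.example.com. 300 IN A 192.0.2.10"
SAMPLE_WRONG="_token1placeholder.assets.example.com. 300 IN CNAME old-target.example.net."

for sample in "$SAMPLE_OK" "$SAMPLE_FLAT" "$SAMPLE_WRONG" ""; do
  printf '%s\n' "$sample" | classify_validation "$NAME"
done
```

A `no-cname` verdict only says that no CNAME came back for that exact name; it does not distinguish a flattened record from one that was never created or was created under a different name.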

Hi Erisa

I did see an article about this - Flattening is currently set to “Flatten [CNAME] at apex”
