AWS (ACM) certificate failed to verify CNAME DNS record

My AWS (ACM) (public) certificates keep failing verification using CNAME DNS records. This was working just fine up until the previous cert expired. When adding a new certificate, it keeps failing for a subdomain I am using to serve assets via AWS CloudFront/S3. This same verification issue is appearing on another subdomain I have from someone else’s AWS account for a different service.

To confirm, these records have proxy set to “Off” - it won’t allow me to set it to “On” in any case because these records all start with an underscore “_”.

Is CNAME flattening enabled?

  • If a CNAME target is being used to verify a domain for a third-party service, enabling the Flatten all CNAMEs setting may cause that functionality to work incorrectly since the CNAME record itself will not be returned directly.

Go to and make sure “CNAME flattening” is set to “Flatten CNAME at apex”

1 Like
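
A way to test the point raised in the reply above, as an added example that is not part of the original thread: ACM DNS validation needs the CNAME record itself to come back, so this script classifies the answer section of a CNAME query for the validation name. The helper names (`classify_answer`, `check_live`) and all record names and targets are constructed placeholders; substitute the name/value pair shown in your own ACM console.

```shell
#!/bin/sh
# Added example: does the ACM validation name still answer with a CNAME?
# All record names and targets below are constructed placeholders.

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# classify_answer NAME EXPECTED_TARGET ANSWER_TEXT
# ANSWER_TEXT is the output of: dig +noall +answer NAME CNAME
# Prints: ok | wrong-target | flattened-or-missing
classify_answer() {
  want_name=$(lower "${1%.}")      # DNS names compare case-insensitively,
  want_target=$(lower "${2%.}")    # and the trailing dot is optional
  found=""
  # Each answer line is: owner ttl class type rdata
  while read -r owner ttl class type rdata; do
    [ "$type" = "CNAME" ] || continue
    if [ "$(lower "${owner%.}")" = "$want_name" ]; then
      found=$(lower "${rdata%.}")
    fi
  done <<EOF
$3
EOF
  if [ -z "$found" ]; then
    # No CNAME in the answer: record absent, or flattened so that the
    # CNAME is not returned directly.
    echo "flattened-or-missing"
  elif [ "$found" = "$want_target" ]; then
    echo "ok"
  else
    echo "wrong-target"   # e.g. the record left over from the expired cert
  fi
}

# Live check (needs dig and network access); not called automatically.
check_live() {
  classify_answer "$1" "$2" "$(dig +noall +answer "$1" CNAME)"
}

# Constructed sample answers for offline use.
NAME="_a1b2c3.assets.example.com"
TARGET="_d4e5f6.placeholder.acm-validations.aws."
SAMPLE_OK="_a1b2c3.assets.example.com. 300 IN CNAME _d4e5f6.placeholder.acm-validations.aws."
SAMPLE_STALE="_a1b2c3.assets.example.com. 300 IN CNAME _0ld0ld.placeholder.acm-validations.aws."
SAMPLE_EMPTY=""
```

Run `check_live "<validation name>" "<validation value>"` with the pair from the pending certificate; anything other than `ok` means ACM will not see the record it expects.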

Hi Erisa

I did see an article about this - Flattening is currently set to “Flatten [CNAME] at apex”
