Cannot validate domain ownership of AWS Certificate Manager

I tried creating a public certificate on AWS Certificate Manager and I chose "Validate domain ownership". AWS generated the following CNAME configuration.

Domain Name   *.example.com
Record Name   _xxxx.example.com
Record Type   CNAME
Record Value  _xxxxx.xxxxx.acm-validations.aws.

So I have created a CNAME record with the following items on Cloudflare:

Type "CNAME"
Name field _xxxx.example.com
Domain Name field _xxxxx.xxxxx.acm-validations.aws.

Finally, I tried to execute the dig command, but it does not show anything and the ACM status is still pending. Does anyone have any idea?

Thanks in advance.

1 Like

I have already tried to call the following command, but I got nothing:

$ dig _xxxx.example.com. cname +short

1 Like

Make sure it is not proxied but set to :grey:.

2 Likes

Thank you for your quick response. I changed the status to ‘DNS only.’ Does it take a long time to enable?

And I would appreciate it if you could tell me the reason why I should use the “DNS only” status.

1 Like

It can take a few minutes. If you proxy it, Amazon will never get the actual CNAME value but the proxied address, and hence will not be able to validate it.

4 Likes
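The distinction the last reply draws, as an added example that is not part of the original thread: a small shell check that takes the two `dig +short` answers for the validation name and reports whether the CNAME is visible, replaced by addresses (proxied), or absent. The function names, the default resolver and the sample IP addresses are assumptions made for this example; the target value is the placeholder from the question.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Lower-case, trim whitespace and drop the trailing root dot so that
# "_A.b.aws." and "_a.b.aws" compare equal.
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//'
}

# classify_acm_validation EXPECTED_TARGET CNAME_ANSWER A_ANSWER
#   CNAME_ANSWER: output of `dig +short NAME CNAME`
#   A_ANSWER:     output of `dig +short NAME A`
classify_acm_validation() {
    want=$(normalize "$1")
    got=$(normalize "$2")
    if [ -n "$got" ]; then
        # A CNAME is visible: it only validates if it points at the ACM target.
        if [ "$got" = "$want" ]; then echo ok; else echo wrong-target; fi
    elif printf '%s\n' "$3" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
        # No CNAME, only addresses: what a proxied record looks like from outside.
        echo proxied
    else
        # Nothing at all: record absent, misnamed, or not yet propagated.
        echo missing
    fi
}

# Live check; needs dig and network access. Resolver default is an assumption.
check_live() {
    resolver=${3:-1.1.1.1}
    classify_acm_validation "$2" \
        "$(dig +short "@$resolver" "$1" CNAME)" \
        "$(dig +short "@$resolver" "$1" A)"
}

# Constructed sample answers (documentation-range IPs stand in for proxy addresses).
ACM_TARGET='_xxxxx.xxxxx.acm-validations.aws.'
SAMPLE_PROXIED_A='192.0.2.10
192.0.2.11'
classify_acm_validation "$ACM_TARGET" '' "$SAMPLE_PROXIED_A"   # proxied
classify_acm_validation "$ACM_TARGET" "$ACM_TARGET" ''         # ok
```

Against a real zone, call `check_live` with the record name and the record value shown in the ACM console; `proxied` means the record should be switched to DNS only, and `missing` right after a change usually means waiting a few minutes.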
