Cannot validate domain ownership of AWS Certificate Manager


#1

I tried creating a public certificate in AWS Certificate Manager and I chose "Validate domain ownership". AWS generated the following CNAME configuration.

Domain Name   *.example.com
Record Name   _xxxx.example.com
Record Type   CNAME
Record Value  _xxxxx.xxxxx.acm-validations.aws.

So I have created a CNAME record with the following items on Cloudflare:

Type "CNAME"
Name field _xxxx.example.com
Domain Name field  _xxxxx.xxxxx.acm-validations.aws.

Finally, I tried to execute the dig command, but it does not show anything and the ACM status is still pending. Any ideas?

Thanks in advance.


#2

I have already tried to call the following command, but I got nothing:

$ dig _xxxx.example.com. cname +short

#3

Make sure it is not proxied but set to :grey:.


#4

Thank you for your quick response. I changed the status to ‘DNS only.’ Does it take a long time to enable?

And I would appreciate it if you could tell me the reason why I should use the “DNS only” status.


#5

It can take a few minutes. If you proxy it, Amazon will never get the actual CNAME value but the proxied address, and hence will not be able to validate it.
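
A way to tell the cases in this thread apart from the command line, as an added example that is not part of the original posts: it compares what `dig +short` returns for the validation name with the value ACM issued. The function names, the 1.1.1.1 resolver and the classification labels are assumptions, and it assumes, as the reply above describes, that a proxied name answers with addresses rather than the CNAME.

```shell
#!/usr/bin/env bash
# Added example: classify the DNS answers for an ACM validation record.
# Function names and labels are hypothetical, not from ACM or Cloudflare.

# Lower-case a hostname and strip the trailing dot so comparisons are stable.
normalize() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# classify_validation_record EXPECTED CNAME_ANSWER A_ANSWER
# Pure function: takes the value ACM asked for plus the `dig +short` output
# of the CNAME and A queries, and prints one of: ok, mismatch, proxied, missing.
classify_validation_record() {
  local expected
  local cname
  local a
  expected=$(normalize "$1")
  cname=$(normalize "$(printf '%s\n' "$2" | head -n 1)")
  a=$3
  if [ -n "$cname" ]; then
    # A CNAME is visible publicly: it must be exactly the ACM target.
    if [ "$cname" = "$expected" ]; then echo ok; else echo mismatch; fi
  elif [ -n "$a" ]; then
    # No CNAME visible, but addresses come back: the name is answered with
    # proxy addresses, so the validator never sees the ACM target.
    echo proxied
  else
    # Nothing at all: record not created, wrong name, or not yet propagated.
    echo missing
  fi
}

# check_acm_cname RECORD_NAME EXPECTED_VALUE
# Live wrapper: queries a public resolver (1.1.1.1 is an assumption).
check_acm_cname() {
  local name
  local expected
  local cname
  local a
  name=$1
  expected=$2
  cname=$(dig +short CNAME "$name" @1.1.1.1)
  a=$(dig +short A "$name" @1.1.1.1)
  classify_validation_record "$expected" "$cname" "$a"
}
```

Call it as `check_acm_cname _xxxx.example.com. _xxxxx.xxxxx.acm-validations.aws.` with the record name and value from the ACM console; only `ok` means the certificate can leave the pending state.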

