I created an SSL Certificate through AWS Certificate Manager. Then added the CNAME records to Cloudflare. AWS performed a DNS lookup for your CNAME record which resulted in no response, meaning that the CNAME record for DNS validation still cannot be resolved. They also say records are resolving to some default A-records on Cloudflare.

I was looking at this post: Unable to verify CNAME record
in which Sandro has provided a suggestion which seemed to help. But this link says the CNAMEs should be proxied.

Please advise.

Thank you

It shouldn't be proxied.

Thank you Sandro for your response.

  1. Should we leave it not proxied always or should we proxy it after AWS validation?
  2. If we leave it not proxied, what about security concerns as Cloudflare is suggesting in the other link?

It depends on whether Amazon revalidates. If it doesn't, you can probably remove the record altogether; otherwise it should stay unproxied.

There are no real security concerns in this context.

Thank you Sandro for your inputs, it helped.
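
An added example, not part of the thread or any poster's own code: a small check that classifies saved `dig +noall +answer` output for the validation name, separating a visible CNAME from the proxied case described above, where only A records come back. The record names, addresses and the `diagnose` helper are constructed for illustration, and it assumes ACM validation targets end in `.acm-validations.aws.`.

```python
# Assumption: ACM DNS-validation CNAME targets end in this suffix.
ACM_SUFFIX = ".acm-validations.aws."


def parse_answers(dig_output):
    """Parse `dig +noall +answer` lines into (name, type, rdata) tuples."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        # Expected layout: name TTL class type rdata
        if len(parts) >= 5 and not parts[0].startswith(";") and parts[2].upper() == "IN":
            records.append((parts[0].lower(), parts[3].upper(), parts[4].lower()))
    return records


def diagnose(validation_name, dig_output):
    """Classify what resolvers see for the validation record (hypothetical helper)."""
    name = validation_name.lower().rstrip(".") + "."
    recs = [r for r in parse_answers(dig_output) if r[0] == name]
    cnames = [rdata for _, rtype, rdata in recs if rtype == "CNAME"]
    addrs = [rdata for _, rtype, rdata in recs if rtype in ("A", "AAAA")]
    if any(target.endswith(ACM_SUFFIX) for target in cnames):
        return "ok"            # CNAME is visible: record is DNS-only
    if cnames:
        return "wrong-target"  # a CNAME exists but does not point at ACM
    if addrs:
        return "proxied"       # only addresses returned: the CNAME is hidden
    return "missing"           # nothing published for this name


# Constructed sample outputs (documentation-range addresses, made-up labels).
NAME = "_abc123.example.com"
DNS_ONLY = "_abc123.example.com. 300 IN CNAME _def456.ghijkl.acm-validations.aws.\n"
PROXIED = (
    "_abc123.example.com. 300 IN A 192.0.2.10\n"
    "_abc123.example.com. 300 IN A 192.0.2.11\n"
)

if __name__ == "__main__":
    for label, output in (("dns-only", DNS_ONLY), ("proxied", PROXIED), ("empty", "")):
        print(label, "->", diagnose(NAME, output))
```
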


