How to add SSL to CNAME pointing at .AWS?

Client needs to add an end-to-end SSL CNAME record for a web app hosted on .AWS. They provided Name (xyz.active) and Target (xyz.acm-validation.aws) - how can we add an SSL certificate to this?

That’s a question for Amazon I am afraid. From Cloudflare you can get an Origin certificate, but that’s only valid for Cloudflare and will still need to be configured on their server, so not different from Let’s Encrypt.

If there’s already a certificate for xyz.acm-validation.aws, then that would work as CNAME entry as well, but you’d need a valid certificate for exactly that hostname.

Thanks for this, checking with the client re amazon cert.

That appears to be a SSL validation request that AWS needs to issue a certificate. This will most likely be a CNAME record where the value points to the validation.aws domain. This cannot be proxied. Once that DNS record is created AWS will issue the certificate for use on the AWS platform. That certificate cannot be exported and is only installable on AWS managed infrastructure (ALB, CloudFront, etc.). If that CNAME record is not deleted AWS will automatically renew the SSL certificate before it expires.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.