Why is necessary to use DNS only instead of Proxi mode for ACM validation CNAME records?

I was validating an ACM SSL certificate using DNS validation and managed to do it following this topic, but did not understand why DNS only works were Proxy mode does not?

Why AWS ACM DNS validation works only adding DNS only CNAME validation records but do not just leaving them in Proxy mode?

Proxy mode usually hides the value of the CNAME, and makes it look more like an “A” record, as described by @sandro in the last comment.

1 Like