I have a domain (everythings-connected.com) from Route 53 and a certificate for it created in ACM. I clicked the create records in Route 53 button and I can see them in my hosted zone. The certificate says issued as well. The problem is when I go to the website through a browser it still says unsecured, and if I search it using dig or nslookup or other dns lookup websites the CNAME records never appear. The other ones like A and NS show up just fine though. This all worked fine last year, but when the certificate expired and I tried to renew it things got wacky. Probably because I didn’t know what I was doing and recreated things I didn’t need to.
The certificate showing issued. The domain names are probably redundant I was just trying something:
My hosted zone showing the CNAME records:
What I’ve tried:
- Deleting the hosted zone and recreating it. I made sure my name servers on the domain were in sync with the new ones from the hosted zone and that part seems to work fine
- Deleting and recreating the certificate (several times).
- Waiting 48 hours
- Adding a TXT domain record just to test it and it showed up instantly
- Using multiple websites and commands to look for the CNAME records but to no avail
2
Answers
I get a response just fine.
That issue has absolutely NOTHING to do with the DNS records. You had to create the DNS records to allow ACM to verify you owned the domain name, so that ACM would issue you a free SSL certificate. That’s the end of the DNS involvement in the SSL process. Now you need to configure your services to actually use the SSL certificate. That configuration does not involve DNS/Rout53.
I can see you are using CloudFront from your screenshots. You need to configure CloudFront to use your issued SSL certificate, and also enable this feature to have CloudFront redirect all
httptraffic tohttps.