
I have the following AWS CloudFormation script. It is supposed to wire up some components of a webapp I have been working on. It seems to be stuck on some cert validation. The 2 certs that were validated through email were validated just fine. I can’t seem to figure out how to get the www.congresscritters.org cert to validate. Any help would be appreciated.

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  BaseHostedZone:
    Type: 'AWS::Route53::HostedZone'
    Properties:
      Name: congresscritters.org.

  WebCert:
    Type: 'AWS::CertificateManager::Certificate'
    Properties:
      DomainName: www.congresscritters.org
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: www.congresscritters.org
          HostedZoneId: !Ref BaseHostedZone
      SubjectAlternativeNames:
        - congresscritters.org

  WebDistribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      DistributionConfig:
        Aliases:
          - www.congresscritters.org
        DefaultRootObject: index.html
        Origins:
          - DomainName: congress-critters-web-ui-bucket.s3.amazonaws.com
            Id: S3Origin
            S3OriginConfig:
              OriginAccessIdentity: ''
        DefaultCacheBehavior:
          AllowedMethods: ['GET', 'HEAD']
          TargetOriginId: S3Origin
          ViewerProtocolPolicy: redirect-to-https
          Compress: true
          ForwardedValues:
            QueryString: false
        ViewerCertificate:
          AcmCertificateArn: !Ref WebCert
          SslSupportMethod: sni-only
        Enabled: true
        HttpVersion: http2

  BaseRecordSetGroup:
    Type: 'AWS::Route53::RecordSetGroup'
    Properties:
      HostedZoneId: !Ref BaseHostedZone
      RecordSets:
        - Name: www.congresscritters.org
          Type: A
          AliasTarget:
            HostedZoneId: Z2FDTNDATAQYW2 # Fixed value for CloudFront
            DNSName: !GetAtt WebDistribution.DomainName
          Comment: Website domain record

  APICert:
    Type: 'AWS::CertificateManager::Certificate'
    Properties:
      DomainName: api.congresscritters.org
      ValidationMethod: EMAIL

  APIDevCert:
    Type: 'AWS::CertificateManager::Certificate'
    Properties:
      DomainName: api-dev.congresscritters.org
      ValidationMethod: EMAIL

  APIRecordSet:
    Type: 'AWS::Route53::RecordSet'
    Properties:
      HostedZoneId: !Ref BaseHostedZone
      Name: api.congresscritters.org
      Type: A
      AliasTarget:
        DNSName: 7wqzggw1za.execute-api.us-east-1.amazonaws.com
        HostedZoneId: Z1UJRXOUMOOFQ8 # Fixed value for API Gateway
      Comment: API domain record

  APIDevRecordSet:
    Type: 'AWS::Route53::RecordSet'
    Properties:
      HostedZoneId: !Ref BaseHostedZone
      Name: api-dev.congresscritters.org
      Type: A
      AliasTarget:
        DNSName: orb9e3jc05.execute-api.us-east-1.amazonaws.com
        HostedZoneId: Z1UJRXOUMOOFQ8 # Fixed value for API Gateway
      Comment: API dev domain record

I have tried checking the various web controls on the AWS Management Console as well as reading their documentation.

2 Answers


  1. Since you set ValidationMethod: EMAIL, you have to check the email associated with the domain and verify the SSL cert using the email that you got from AWS. Alternatively, use the DNS validation method.

  2. Use the DNS validation method; however, since you set ValidationMethod: EMAIL, you have to check the email associated with the domain and verify the SSL cert using the email that you got from AWS.

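
An added example, not part of the original post or its answers: with ValidationMethod: DNS, CloudFormation only creates the validation CNAME for names that have their own DomainValidationOptions entry with a HostedZoneId, and the question's WebCert has one for www.congresscritters.org but none for the congresscritters.org SAN. The fragment below assumes that missing entry is what stalls the stack and that the registrar already delegates congresscritters.org to the name servers of BaseHostedZone; it also shows APICert switched to DNS validation, as the answers suggest.

```yaml
# Added example (not the asker's template): only the certificate resources
# are shown; the other resources in the stack are unchanged.
# Assumption: the registrar's NS records for congresscritters.org point at
# BaseHostedZone's name servers. If they do not, ACM cannot resolve the
# validation CNAMEs and the certificate stays in "Pending validation".
Resources:
  WebCert:
    Type: 'AWS::CertificateManager::Certificate'
    Properties:
      DomainName: www.congresscritters.org
      SubjectAlternativeNames:
        - congresscritters.org
      ValidationMethod: DNS
      DomainValidationOptions:
        # One entry for every name on the certificate, SANs included.
        - DomainName: www.congresscritters.org
          HostedZoneId: !Ref BaseHostedZone
        - DomainName: congresscritters.org
          HostedZoneId: !Ref BaseHostedZone

  # DNS validation removes the dependency on a domain contact mailbox and
  # lets ACM renew the certificate while the CNAME stays in the zone.
  APICert:
    Type: 'AWS::CertificateManager::Certificate'
    Properties:
      DomainName: api.congresscritters.org
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: api.congresscritters.org
          HostedZoneId: !Ref BaseHostedZone
```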