I’m trying to create and validate an AWS ACM certificate with Terraform. This is my config:
    // not used in this config, but it does exist
    resource "aws_route53_zone" "main" {
      name = "mycompany.com"
    }

    resource "aws_route53_zone" "dev" {
      name = "dev.mycompany.com"
    }

    resource "aws_acm_certificate" "cert" {
      domain_name       = "*.dev.mycompany.com"
      validation_method = "DNS"
      key_algorithm     = "RSA_2048"
    }

    resource "aws_route53_record" "records" {
      for_each = {
        for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
          name   = dvo.resource_record_name
          record = dvo.resource_record_value
          type   = dvo.resource_record_type
        }
      }

      allow_overwrite = true
      name            = each.value.name
      records         = [each.value.record]
      ttl             = 300
      type            = each.value.type
      zone_id         = aws_route53_zone.dev.zone_id
    }

    resource "aws_acm_certificate_validation" "validation" {
      certificate_arn         = aws_acm_certificate.cert.arn
      validation_record_fqdns = [for record in aws_route53_record.records : record.fqdn]
    }
But aws_acm_certificate_validation creation takes forever:

    aws_acm_certificate_validation.validation: Still creating... [5m30s elapsed]

It never ends. If I stop the execution with Control + C, I get this:

    waiting for ACM Certificate ({arn here}) to be issued: context canceled
What is wrong in my configuration?
2 Answers
Solved. The problem was due to a hosted zone misconfiguration (I changed NS records manually and they didn't match the SOA record). Nothing related to the certificate itself; the code in the question is perfectly valid.
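The failure mode in this answer (the parent zone's delegation for dev.mycompany.com drifting from the name servers Route 53 actually assigned to the dev hosted zone, so the ACM validation CNAME is never publicly resolvable) is avoided if the delegation is managed in Terraform next to the zones. This is an added example, not code from the question or the answers; it assumes the two aws_route53_zone resources from the question and adds only the NS record in the parent zone.

```hcl
# Delegation record in the parent zone, pointing dev.mycompany.com at the
# name servers Route 53 assigned to the child hosted zone. Route 53 derives
# the child zone's own NS and SOA records from the same assigned name servers,
# so referencing name_servers here keeps the parent delegation, the child
# zone's NS set and its SOA consistent instead of relying on hand-edited
# records. Any ACM validation CNAME written into aws_route53_zone.dev then
# resolves from the public internet, which is what ACM needs to issue.
resource "aws_route53_record" "dev_delegation" {
  zone_id = aws_route53_zone.main.zone_id   # parent zone from the question
  name    = aws_route53_zone.dev.name       # "dev.mycompany.com"
  type    = "NS"
  ttl     = 172800

  # Exactly the four name servers Route 53 assigned to the dev zone.
  records = aws_route53_zone.dev.name_servers
}

# Expose the values to compare against `dig NS dev.mycompany.com` and
# `dig SOA dev.mycompany.com` from outside AWS: the NS answer must equal
# delegated_name_servers and the SOA MNAME must be one of them.
output "delegated_name_servers" {
  value = aws_route53_zone.dev.name_servers
}
```

After applying, the `Still creating...` loop on aws_acm_certificate_validation normally finishes within minutes once the delegation matches, because ACM polls the validation CNAME through public resolvers.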
It could be the DNS propagation delay that’s getting you. It might take up to 72 hours.
Also, did you try creating via Console? Does it work?