I am using Window Server 2019 for DNS management.
I have created a public SSL certificate for domain *.example.mydomain.hk
in AWS Certificate Manager(ACM)
After that, I add The DNS configuration for the SSL cert.
Below image is get from online. My setting:
Alias name: _66fxxxxxxxxx(auto generated after entering Full qualified domain name)
Full qualified domain name: _66fxxxxxxxxx.example.mydomain.hk
Fully qualified domain name for target host: _3ddxxxxxxxx.abcde.acm-validations.aws.
[![enter image description here][1]][1] But error occur in ACM and the status become failed
The status of this certificate request is "Failed". One or more domain names have failed validation due to a Certificate Authority Authentication (CAA) error.
When I `dig _66fxxxxxxxxx.example.mydomain.hk`, it shows:
; <<>> DiG 9.10.6 <<>> _66fxxxxxxxxx.example.mydomain.hk. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;_66fxxxxxxxxx.example.mydomain.hk. IN A
;; ANSWER SECTION: _66fxxxxxxxxx.example.mydomain.hk. 3599 IN CNAME _3ddxxxxxxxx.abcde.acm-validations.aws.
;; AUTHORITY SECTION: abcde.acm-validations.aws. 899 IN SOA ns-75.awsdns-09.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
...
How should I solve this issue?
[1]: https://i.sstatic.net/ohEdu.png
Finally added a CAA Record for *.example.mydomain.hk
and works now.
*.example.mydomain.hk IN CAA 0 issue "amazon.com"