amazon-web-servicesssldnswindows-server-2019aws-certificate-manager

AWS ACM - One or more domain names have failed validation due to a Certificate Authority Authentication (CAA) error


I am using Window Server 2019 for DNS management.

I have created a public SSL certificate for domain *.example.mydomain.hk in AWS Certificate Manager(ACM)

After that, I add The DNS configuration for the SSL cert.

Below image is get from online. My setting:

Alias name: _66fxxxxxxxxx(auto generated after entering Full qualified domain name)
Full qualified domain name: _66fxxxxxxxxx.example.mydomain.hk
Fully qualified domain name for target host: _3ddxxxxxxxx.abcde.acm-validations.aws.

[![enter image description here][1]][1] But error occur in ACM and the status become failed

The status of this certificate request is "Failed". One or more domain names have failed validation due to a Certificate Authority Authentication (CAA) error.

When I `dig _66fxxxxxxxxx.example.mydomain.hk`, it shows:

; <<>> DiG 9.10.6 <<>> _66fxxxxxxxxx.example.mydomain.hk. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;_66fxxxxxxxxx.example.mydomain.hk. IN A

;; ANSWER SECTION: _66fxxxxxxxxx.example.mydomain.hk. 3599 IN CNAME _3ddxxxxxxxx.abcde.acm-validations.aws.

;; AUTHORITY SECTION: abcde.acm-validations.aws. 899 IN SOA ns-75.awsdns-09.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

...

How should I solve this issue?

  [1]: https://i.sstatic.net/ohEdu.png

Solution

  • Finally added a CAA Record for *.example.mydomain.hk and works now.

    *.example.mydomain.hk  IN  CAA 0 issue "amazon.com"