aws-cloudformationaws-acm

Trouble creating certificate in AWS ACM via Cloudformation


I am trying to understand how certificates are managed in AWS ACM. My end goal is to deploy a service using https and I need to do it all via IaC, and I am using Cloudformation.

I already ran a previous CF stack to create the hosted zone and everything I need.

Now I am trying to run a CF stack to create the certificate itself. I have matched the hostedzoneID with the certificate, the hostedzone has a CNAME record for the certificate validation _somethingblablablaf4fb148188e5.dfgdfgsmznr.acm-validations.aws.

The stack runs OK and the certificate is being created in ACM. The validation chosen in the CF template is explicitely DNS.

Yet, the certificate is stuck in pending validation all the time and expires after 72 hours.

I read AWS docs and I have done everything as they ask as far as I know. I am not sure what is going wrong here.

Would anyone have any idea?

My CF template:

Parameters:
  DomainName:
    Type: String
    Description: The name of the domain you want to register.
  wagWorldHostedZone:
    Type: String
    Description: The hostedZoneID of the Hosted Zone you previously created.

Resources:
  wagWorldCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref DomainName
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: !Ref DomainName
          HostedZoneId: !Ref wagWorldHostedZone

Solution

  • You have to configure your domain registrar to use the Route53 hosted zone's name servers. Until you do that the DNS records in your hosted zone aren't actually going to work. You have to have your domain actually resolving to the Route53 hosted zone before you can do the ACM DNS validation.