In AWS account X, I already have a hosted zone and a valid certificate for my domain, mydomain.com.
In AWS account Y, I would like to create a subdomain mysubdomain.mydomain.com and create a certificate for that subdomain.
In account Y I requested a certificate for mysubdomain.mydomain.com (also covering *.mysubdomain.mydomain.com). I created a hosted zone for mysubdomain.mydomain.com and added a CNAME record to that hosted zone based on the newly requested certificate.
Finally, in my original hosted zone in account X, I created an NS record for mysubdomain.mydomain.com and copied over the name servers from the hosted zone in account Y.
My certificate request is still pending validation. Is there a step I have missed which is needed to make AWS validate the certificate?
EDIT: additionally, when I do nslookup -mysubdomain.mydomain.com, I get server can't find mysubdomain.mydomain.com: NXDOMAIN. (nslookup works for the root domain.) That might help diagnose the issue?
For posterity, the answer is: yes the steps I listed are sufficient, I had just accidentally created the NS record in the wrong hosted zone.