Tags: amazon-web-services, dns, amazon-route53, aws-certificate-manager

AWS ACM and Route53 - 2 hosted zones with same name, how to handle cert validation


I have 2 hosted zones in 2 different AWS accounts with the identical domain name prod.example.com:

acc1
acc2

acc1 has the hosted zone prod.example.com, which is in the registrar, and all public requests go through there.

acc2 also has a hosted zone prod.example.com that is not in the registrar.

acc1 has a cert for prod.example.com in ACM that works and is currently in use.

I tried creating the same prod.example.com cert in ACM in acc2, but validation has already been pending for 2+ hours.

Do I have to add the DNS record from acc2's ACM to the hosted zone in acc1? If yes, will it screw up anything? If not, what am I missing in order to validate prod.example.com in ACM in acc2?


Solution

  • You can't have multiple public hosted zones with the same domain name. You can only have one authoritative (in the registrar) public hosted zone with a given domain name. The other hosted zone might as well not exist because DNS records in a public hosted zone disconnected from the registrar are not resolvable.

    You can have multiple private hosted zones with the same domain name. However, your question is about ACM record validation, and ACM record validation only works with publicly resolvable domain names (public hosted zones).
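Added example, not from the question or the answer above: a small Python check for the point the answer makes, that only the hosted zone the registrar actually delegates to is publicly resolvable, so that is the zone in which a validation CNAME requested by ACM in acc2 has to be published. All zone ids, name servers and the validation record below are constructed sample values; the change-batch shape is the one Route 53's change-resource-record-sets accepts.

```python
"""Added example (not from the question or answer): pick which of several same-named
Route 53 public hosted zones the registrar actually delegates to, and build the Route 53
change batch that publishes an ACM DNS-validation CNAME in that zone. Every zone id,
name server and ACM record below is a constructed sample, so this runs offline."""
from typing import Dict, Iterable, Optional, Set


def _norm(name: str) -> str:
    """Canonical DNS name: lower-case with exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


# Constructed: DelegationSet.NameServers of each account's prod.example.com hosted
# zone, as `aws route53 get-hosted-zone` reports them.
HOSTED_ZONES: Dict[str, Dict] = {
    "acc1": {"id": "ZACC1EXAMPLE", "ns": ["ns-10.awsdns-01.com", "ns-500.awsdns-00.net",
                                          "ns-1200.awsdns-22.org", "ns-1800.awsdns-33.co.uk"]},
    "acc2": {"id": "ZACC2EXAMPLE", "ns": ["ns-20.awsdns-02.com", "ns-600.awsdns-10.net",
                                          "ns-1300.awsdns-32.org", "ns-1900.awsdns-43.co.uk"]},
}
# Constructed: NS answer public resolvers return for prod.example.com (what
# `dig NS prod.example.com` shows), i.e. the delegation the registrar published.
PUBLIC_DELEGATION = ["NS-10.awsdns-01.com.", "ns-500.awsdns-00.net.",
                     "ns-1200.awsdns-22.org.", "ns-1800.awsdns-33.co.uk."]
# Constructed: the ResourceRecord ACM in acc2 asks for (DomainValidationOptions
# in `aws acm describe-certificate`).
ACM_RECORD = {"Name": "_abc123token.prod.example.com.", "Type": "CNAME",
              "Value": "_def456token.acm-validations.aws."}


def authoritative_account(zones: Dict[str, Dict], delegation: Iterable[str]) -> Optional[str]:
    """Return the account whose zone's name servers are the ones actually delegated to.
    Only records in that zone resolve publicly; a same-named zone in another account is
    invisible to resolvers, so a validation CNAME written there never validates."""
    delegated: Set[str] = {_norm(n) for n in delegation}
    for account, zone in zones.items():
        if {_norm(n) for n in zone["ns"]} == delegated:
            return account
    return None  # nobody delegated: the registrar's NS records point elsewhere


def validation_change_batch(acm_record: Dict[str, str]) -> Dict:
    """Route 53 ChangeBatch that UPSERTs the CNAME ACM asks for, to be applied with
    change-resource-record-sets against the delegated zone's id."""
    return {
        "Comment": "ACM DNS validation record, published in the delegated zone",
        "Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
            "Name": _norm(acm_record["Name"]), "Type": acm_record["Type"], "TTL": 300,
            "ResourceRecords": [{"Value": acm_record["Value"]}]}}],
    }
```

With the sample data the delegated zone is acc1's, so the CNAME ACM generated in acc2 goes into acc1's zone; a validation CNAME only adds a new `_token` name and does not touch the existing records there.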