python-3.x amazon-web-services domain-name aws-certificate-manager

How to validate domain with AWS certificate manager


I own a domain that I purchased through GoDaddy. I am trying to get a certificate for this domain through AWS using Certificate Manager. If it's relevant, the purpose of obtaining a certificate is to be able to host a package repository on S3, using this tutorial: https://novemberfive.co/blog/opensource-pypi-package-repository-tutorial/

So far I've been unable to validate my domain. Let's call the domain foo.com. I've attempted the following:

  • Validate through DNS: I've created a CNAME with "repo.foo.com" as the "host" field in GoDaddy and "record name" as provided by the AWS domain configuration file as the "points to" field on GoDaddy.
  • Also tried the same as above, but with "record value" as provided by AWS in the "points to" field on GoDaddy. All AWS says is "Create a CNAME record in the DNS configuration for each of the domains listed below." and then there's a DNS configuration file you can download with "record name" and "record value" and "domain name". So how to map what values to what is not at all clear to me. Neither of the above approaches has worked.
  • Validation through email. I've checked the email address that I used to register the domain, and created an email address for the domain and checked that. Neither have received emails.
  • I've looked at about 5 tutorials. They all used email validation, and didn't specify what email address they used or how AWS knew that that was the email "associated" with the domain (what does "associated with" mean, exactly? Signup email? website email? Neither of these have worked).

Please help? How do I validate?


Solution

  • As you mentioned, there are two types of domain validation for issuing SSL certs.

    DNS:

    With DNS, you need to create a CNAME record. How to create a CNAME record with GoDaddy:

    https://www.godaddy.com/help/add-a-cname-record-19236

    Once you create DNS record, you may have to wait for DNS propagation. Usually the max time is 48 hours.

    Alternatively, if you are going to use this domain fully with AWS, you can create an NS record set in Route 53 with AWS and have your DNS more reliable.

    More detailed documentation on DNS setup for SSL certs:

    https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html

    Email:

    Usually, email will be sent to the WHOIS record of your domain and to the following addresses in the domain:

    administrator@your_domain_name
    hostmaster@your_domain_name
    postmaster@your_domain_name
    webmaster@your_domain_name
    admin@your_domain_name
    

    More info on email validation, and on what to do if you encounter issues, is well documented under:

    https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html

    Even with all the cases, sometimes the validation might fail. You can open a support ticket and ask for help with AWS support.

    Hope it helps.
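
An added example (not part of the original answer) for the mapping the question asks about: it translates ACM's "record name" / "record value" pair into the "host" / "points to" fields and checks an entry against what ACM will query. The ACM values below are constructed samples, the function names are hypothetical, and it assumes the registrar's editor appends the zone (foo.com) to whatever is typed in the host field.

```python
# Added example: constructed sample values, not output from a real ACM request.
# Assumption: the registrar's editor appends the zone to the "host" field.

def _norm(name):
    # DNS names are case-insensitive; ACM prints them with a trailing dot.
    return name.strip().rstrip(".").lower()

def registrar_fields(record_name, record_value, zone):
    """Translate ACM's record name/value into host / points-to for the zone."""
    name, apex = _norm(record_name), _norm(zone)
    if name == apex:
        host = "@"
    elif name.endswith("." + apex):
        host = name[: -(len(apex) + 1)]   # keep only the part left of the zone
    else:
        raise ValueError(f"{record_name!r} is not inside zone {zone!r}")
    return {"type": "CNAME", "host": host, "points_to": record_value.strip()}

def published_name(host_field, zone):
    """FQDN that exists in DNS once the editor appends the zone to the host."""
    host, apex = _norm(host_field), _norm(zone)
    return apex if host in ("", "@") else f"{host}.{apex}"

def diagnose(host_field, points_to, record_name, record_value, zone):
    """List the mismatches between what was entered and what ACM will query."""
    want, got = _norm(record_name), published_name(host_field, zone)
    problems = []
    if got == f"{want}.{_norm(zone)}":
        problems.append(f"zone appended twice: record is published as {got}")
    elif got != want:
        problems.append(f"host publishes {got}, ACM queries {want}")
    if _norm(points_to) == want:
        problems.append("points-to holds the record name; it must be the record value")
    elif _norm(points_to) != _norm(record_value):
        problems.append("points-to does not match the record value")
    return problems

ZONE = "foo.com"
ACM_NAME = "_0123456789abcdef.repo.foo.com."                  # constructed
ACM_VALUE = "_fedcba9876543210.example.acm-validations.aws."  # constructed

if __name__ == "__main__":
    print(registrar_fields(ACM_NAME, ACM_VALUE, ZONE))
    # The question's first attempt: subdomain as host, record name as target.
    for p in diagnose("repo.foo.com", ACM_NAME, ACM_NAME, ACM_VALUE, ZONE):
        print("-", p)
```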