I have deleted and created an AWS Route 53 hosted zone and I want to add a public SSL certificate created and managed by the Certificate Manager (ACM) service.
The docs state that creation may take up to 48 hours to complete:
If you delete a hosted zone, you can't undelete it. You must create a new hosted zone and update the name servers for your domain registration, which can require up to 48 hours to take effect.
The question is: How would I know if the recreated hosted zone is ready to have a CNAME record set attached to validate the ACM certificate? Should I sit back for 48 hours to guarantee it?
Note: I am creating the certificate with Cloudformation and if the certificate is not validated in 12 hours, the stack creation fails and rolls back. That's why I cannot put the CNAME record on the hosted zone instantly and wait for it to be validated whenever possible.
This mostly has to do with whether the domain can actually resolve. So presuming that you have some sort of record configured, you can verify that it resolves.
A simple test would be to create a TXT record, or some other record in the domain, and then resolve it using dig, drill or nslookup.
Example: dig example.com will return results such as:
; <<>> DiG 9.10.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48750
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 4257 IN A 93.184.216.34
;; Query time: 9 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat May 18 21:29:18 CEST 2019
;; MSG SIZE rcvd: 56
The line to look for here is example.com. 4257 IN A 93.184.216.34, which means it resolved successfully.