I'm having some trouble understanding how to replace my imported wildcard cert with an AWS Issued one without taking my site offline. Currently I have an imported SSL certificate in ACM. In the DNS I have a record such as:
*.example.com A Simple - 11.22.33.44
Which redirects any implicit subdomains at a specific place.
I want to issue a wildcard certificate directly in ACM, but to do that I need to create a CNAME record for *.example.com, which apparently is invalid as two records cannot share the same record name.
Is there any way to do this without removing the wildcard DNS record?
Thanks
I've never used imported certificates in AWS, I directly used certificates issued by AWS (and domains registered in AWS), so maybe I'm wrong.
If I remember correctly, when you create a certificate in AWS Certificate Manager, you choose your domain (mydomain.com), then you add another domain (*.mydomain.com) so all the first-level subdomains are covered (and you can add more of them).
Then, in validation method, choose "DNS validation", and AWS generates a set of CNAME records to add to your DNS table in Route53, like these:
| Domain Name | Record Name | Record Type | Record Value |
|---|---|---|---|
| mydomain.com | _[32_chars_alphanumeric_string].mydomain.com. | CNAME | _[another_32_chars_alphanumeric_string].asdasdasda.acm-validations.aws. |
| *.mydomain.com | _[32_chars_alphanumeric_string].mydomain.com. | CNAME | _[another_32_chars_alphanumeric_string].asdasdasda.acm-validations.aws. |
At this point you can add them manually to your DNS table, or tell AWS to do it for you. And you have finished.
In my DNS table I do not need a CNAME with the wildcard for my domain (*.mydomain.com) for the certificate, because I have the records shown above (look at the records names).
I do not know if I have answered your question, I hope this information can be useful to you.
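To make the point of the answer concrete (the validation CNAME lives at an underscore-prefixed name, not at `*.example.com`, so it does not collide with the existing wildcard A record), here is an added example that is not from the thread or from AWS. It takes a constructed stand-in for the output of `aws acm describe-certificate`, collapses the validation records (the apex and the wildcard share one CNAME), refuses to proceed if any new CNAME would land on a name the zone already owns, and builds the ChangeBatch document that `aws route53 change-resource-record-sets --change-batch file://...` accepts. The token and value strings, the zone snapshot and the IP are placeholders.

```python
"""Build Route53 changes for ACM DNS validation from a DescribeCertificate
response and check them against records already in the zone.
Added example with constructed data; not code from the original thread."""
import json

# Constructed stand-in for `aws acm describe-certificate --certificate-arn ...`.
# The validation strings are placeholders, not real ACM tokens.
SAMPLE_DESCRIBE = {
    "Certificate": {
        "DomainName": "example.com",
        "SubjectAlternativeNames": ["example.com", "*.example.com"],
        "DomainValidationOptions": [
            {
                "DomainName": "example.com",
                "ValidationMethod": "DNS",
                "ResourceRecord": {
                    "Name": "_PLACEHOLDER_TOKEN.example.com.",
                    "Type": "CNAME",
                    "Value": "_PLACEHOLDER_VALUE.acm-validations.aws.",
                },
            },
            {
                "DomainName": "*.example.com",
                "ValidationMethod": "DNS",
                "ResourceRecord": {
                    "Name": "_PLACEHOLDER_TOKEN.example.com.",
                    "Type": "CNAME",
                    "Value": "_PLACEHOLDER_VALUE.acm-validations.aws.",
                },
            },
        ],
    }
}

# Constructed snapshot of the zone from the question: a wildcard A record
# plus the apex, pointing at a placeholder address.
EXISTING_ZONE = [
    {"Name": "*.example.com.", "Type": "A", "Value": "11.22.33.44"},
    {"Name": "example.com.", "Type": "A", "Value": "11.22.33.44"},
]


def validation_records(describe):
    """Return the distinct validation CNAMEs ACM asks for. The apex and the
    wildcard SAN share one record, so duplicates are collapsed."""
    seen = {}
    for opt in describe["Certificate"]["DomainValidationOptions"]:
        rr = opt["ResourceRecord"]
        seen[(rr["Name"].lower(), rr["Type"])] = rr
    return list(seen.values())


def conflicting_names(existing, new_records):
    """Owner names where a new CNAME would share a name with existing data
    (a CNAME may not coexist with other records at the same owner name).
    Comparison is by exact owner name: a wildcard A record at *.example.com
    does not own _token.example.com, so it is not a conflict."""
    owned = {r["Name"].lower().rstrip(".") for r in existing}
    return sorted(
        r["Name"].lower().rstrip(".")
        for r in new_records
        if r["Type"] == "CNAME" and r["Name"].lower().rstrip(".") in owned
    )


def change_batch(new_records, ttl=300):
    """ChangeBatch document for `aws route53 change-resource-record-sets`."""
    return {
        "Comment": "ACM DNS validation records",
        "Changes": [
            {
                "Action": "UPSERT",
                "ResourceRecordSet": {
                    "Name": r["Name"],
                    "Type": r["Type"],
                    "TTL": ttl,
                    "ResourceRecords": [{"Value": r["Value"]}],
                },
            }
            for r in new_records
        ],
    }


if __name__ == "__main__":
    recs = validation_records(SAMPLE_DESCRIBE)
    clash = conflicting_names(EXISTING_ZONE, recs)
    if clash:
        raise SystemExit(f"refusing to add CNAMEs at existing names: {clash}")
    print(json.dumps(change_batch(recs), indent=2))
```

Because the check compares exact owner names, the wildcard A record is left untouched and the site stays reachable while ACM validates; the only case the script refuses is a CNAME requested at a name that already holds data, which is the situation the question was worried about.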