如何使用AWS Certificate Manager验证域

Question

I own a domain that I purchased through GoDaddy. I am trying to get a certificate for this domain through AWS using Certificate Manager. If it's relevant, the purpose of obtaining a certificate is to be able to host a package repository on S3, using this tutorial: https://novemberfive.co/blog/opensource-pypi-package-repository-tutorial/

So far I've been unable to validate my domain. Let's call the domain foo.com I've attempted the following:

• Validate through DNS, I've created a CName with "repo.foo.com" as the "host" field in GoDaddy and "record name" as provided by AWS domain configuration file as the "points to" field on GoDaddy.
• Also tried same as above, but with "record value" as provided by AWS in the "points to" field on GoDaddy. All AWS says is "Create a CNAME record in the DNS configuration for each of the domains listed below. " and then there's a DNS configuration file you can download with "record name" and "record value" and "domain name". So how to map what values to what is not at all clear to me. Neither of these above approaches have worked.
• Validation through email. I've checked the email address that I used to register the domain, and created an email address for the domain and checked that. Neither have received emails.
• I've looked at about 5 tutorials. They all used email validation, and didn't specify what email address they used or how AWS knew that that was the email "associated" with the domain (what does "associated with" mean, exactly? Signup email? website email? Neither of these have worked).

Please help? How do I validate?

Answer 1

As you mentioned are two types of domain validation for issuing SSL certs.

DNS:

With DNS, you need to create CNAME record. How to create CNAME record with godaddy,

https://www.godaddy.com/help/add-a-cname-record-19236

Once you create DNS record, you may have to wait for DNS propagation. Usually the max time is 48 hours.

Alternatively, if you are going to use this domain fully with AWS, you can create a NS recordset in Route 53 with AWS and have your DNS more reliable.

A more detailed documentation on DNS setup for SSL Certs,

https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html

Email:

Usually email will be sent to whois record of your domain and emails to the following addresses in the domain,

administrator@your_domain_name
hostmaster@your_domain_name
postmaster@your_domain_name
webmaster@your_domain_name
admin@your_domain_name

More info on email validation and if you encounter issues is well documented under,

https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html

Even with all the cases, sometimes the validation might fail. You can open a support ticket and ask for help with AWS support.

Hope it helps.

Answer 2

It's so simple. When you create the certificate ACM provide two option to validate. If you opt email validation then you will get email on above said email id just click on it your domain will be verified. If you want DNS validation then use the below steps.

1. Under ACM click on DNS validation
2. This will give you dns records file according to you domain name which you entered in the starting
3. Download that file and you will see CNAME and value in .csv file
4. Just copy the value from csv and create the cname under Route 53 and pasted that value under it
5. You will get gverified DNS with few second

Answer 3

Kannaiyan already provided details steps

In a nutshell ( DNS validation method)-

Step 1. Request Public certificate in Amazon Certificate manager ( ACM)

Step 2. Create CNAME record in Godaddy

Here are screenshots from AWS ACM and Godaddy