堆栈内存溢出
  简体   繁体   English

如何了解重新创建的托管区域已准备就绪,可以对ACM证书进行DNS验证

[英]How to understand a recreated hosted zone is ready for DNS validation of an ACM certificate

 原文  2019-05-18 19:00:47       amazon-web-services/ amazon-route53/ aws-certificate-manager

问题描述

I have deleted and created an AWS Route 53 hosted zone and I want to add an public SSL certificate created and managed by Certificate Manager (ACM) Service. 我已删除并创建了一个AWS Route 53托管区域,我想添加一个由证书管理器(ACM)服务创建和管理的公共SSL证书。

The docs state that creation may take up to 48 hours to complete: 文档指出创建过程最多可能需要48小时才能完成:

If you delete a hosted zone, you can't undelete it. 如果删除托管区域,则无法取消删除它。 You must create a new hosted zone and update the name servers for your domain registration, which can require up to 48 hours to take effect. 您必须创建一个新的托管区域并更新域名服务器以进行域注册,这最多可能需要48个小时才能生效。

The question is: How would I know if the recreated hosted zone is ready to have a CNAME record set attached to validate the ACM certificate? 问题是: 我怎么知道重新创建的托管区域是否准备好附加CNAME记录集以验证ACM证书? Should I sit back for 48 hours to guarantee it? 我应该坐48小时以保证吗?

Note: I am creating the certificate with Cloudformation and if the certificate is not validated in 12 hours, the stack creation fails and rolls back. 注意:我正在使用Cloudformation创建证书,如果证书在12小时内未通过验证,则堆栈创建将失败并回滚。 That's why I cannot put the CNAME record on the hosted zone instantly and wait for it to be validated whenever possible. 这就是为什么我不能立即将CNAME记录放置在托管区域上,并等待它尽可能地被验证。

1 个解决方案

解决方案1
 1 已采纳  2019-05-18 19:31:11

This mostly has to do with whether the domain can actually resolve. 这主要与域是否可以实际解析有关。 So presuming that you have some sort of record configured, you can verify that it resolves. 因此,假设您已配置了某种记录,则可以验证它是否可以解决。

A simple test would be to create a TXT record, or some other record in the domain, and then resolving that using dig , drill or nslookup . 一个简单的测试是创建一个TXT记录或域中的其他记录,然后使用digdrillnslookup解决该问题。

Example: dig example.com will return results such as: 示例: dig example.com将返回如下结果: 

; <<>> DiG 9.10.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48750
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;example.com.           IN  A

;; ANSWER SECTION:
example.com.        4257    IN  A   93.184.216.34

;; Query time: 9 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat May 18 21:29:18 CEST 2019
;; MSG SIZE  rcvd: 56

The line to look for here is example.com. 4257 IN A 93.184.216.34 在此处查找的行是example.com. 4257 IN A 93.184.216.34 example.com. 4257 IN A 93.184.216.34 , which means it resolved successfully. example.com. 4257 IN A 93.184.216.34 ,这意味着它已成功解决。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 (ACM) 通过 DNS 配置验证证书 - (ACM) Certificate validation via DNS configuration 如何在 Cloudformation 模板中指定区域以通过 DNS 验证 ACM 证书 - How to specify region in Cloudformation template to validate the ACM certificate via DNS AWS Route53 和 ACM 证书 - 允许同一组织内的其他账户在托管区域中创建记录 - AWS Route53 and ACM certificate - Allow other account within same organization to create records in hosted zone 通过 Cloudformation 进行 ACM DNS 验证 - ACM DNS Validation through Cloudformation 使用 terraform aws_acm_certificate_validation 时缺少 DNS 验证记录 - Missing DNS validation record when using terraform aws_acm_certificate_validation ACM SSL 证书是与托管区域相关联还是仅与域相关联? - Are ACM SSL certificates tied to a Hosted Zone or just the domain? 如何手动将 dns 条目添加到 AWS ECS 服务发现管理的托管区域? - How to manually add dns entries to hosted zone managed by AWS ECS service discovery? 如何让 AWS Client VPN 使用 VPC 对等私有托管区域来解析 DNS - How do I get AWS Client VPN to resolve DNS using VPC-peered Private Hosted Zone 带有 DNS 验证的证书卡在等待验证中 - Certificate with DNS Validation is stuck in Pending Validation DNS 托管区域未生效 - AWS Route53 - DNS hosted zone not taking effect - AWS Route53
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM