You’ve followed all the correct steps to set up your AWS certificate, but you’re still seeing “pending validation”.
At this point, the error is probably not in Certificate Manager. What else could it be?
In my case, I was trying to set up a certificate for a domain name that I moved from Namecheap to Route 53. I tried creating three different certificates, but no matter what I did, I couldn’t get my certificate to validate.
You need to verify that your domain’s SOA records are set correctly.
Run the following in a terminal:
nslookup -type=soa yourwebsite.com
and verify that the result looks something like this:
~ nslookup -type=soa yourwebsite.com
Server: XXX.XXX.X.X
Address: XXX.XXX.X.X#XX
Non-authoritative answer:
yourwebsite.com
origin = ns-XXXX.awsdns-XX.org
mail addr = awsdns-hostmaster.amazon.com
serial = 1
refresh = 7200
retry = 900
expire = 1209600
minimum = 86400
Authoritative answers can be found from:
yourwebsite.com nameserver = ns-XXXX.awsdns-XX.org.
yourwebsite.com nameserver = ns-XXXX.awsdns-XX.co.uk.
yourwebsite.com nameserver = ns-XXX.awsdns-XX.com.
yourwebsite.com nameserver = ns-XXXX.awsdns-XX.net.
ns-XXX.awsdns-XX.com internet address = XXX.XXX.XXX.XX
ns-XXXX.awsdns-XX.net internet address = XXX.XXX.XXX.XX
ns-XXXX.awsdns-XX.org internet address = XXX.XXX.XXX.XX
ns-XXXX.awsdns-XX.co.uk internet address = XXX.XXX.XXX.XX
If your name servers are from different hosted zones, check out this forum to learn how to configure your domain with the four name servers provided by your hosted zone.
Once you get your domain properly configured to the correct name servers, wait a few minutes and your certificate should validate — assuming all else is set up correctly.
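To make the comparison above less error-prone than reading it by eye, here is an added example (not part of the original post) that diffs the name servers in nslookup output against the four listed in your hosted zone. The function names, the script name check_ns.sh and every host name in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All host names are constructed.

# Read nslookup output on stdin; print the name servers it lists,
# lowercased, without the trailing dot, sorted and de-duplicated.
extract_ns() {
    sed -n 's/.*nameserver = \([^ ]*\).*/\1/p' |
        tr '[:upper:]' '[:lower:]' | sed 's/\.$//' | sort -u
}

# compare_ns "<nslookup output>" <hosted-zone name server>...
# Prints MATCH and returns 0 when both sets are identical; otherwise prints
# one UNEXPECTED/MISSING line per difference and returns 1.
compare_ns() {
    output=$1; shift
    live=$(printf '%s\n' "$output" | extract_ns)
    want=$(printf '%s\n' "$@" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//' | sort -u)
    if [ "$live" = "$want" ]; then
        echo "MATCH"
        return 0
    fi
    for ns in $live; do
        printf '%s\n' "$want" | grep -qxF "$ns" || echo "UNEXPECTED $ns"
    done
    for ns in $want; do
        printf '%s\n' "$live" | grep -qxF "$ns" || echo "MISSING $ns"
    done
    return 1
}

# Constructed sample: the name server section of nslookup output for a domain
# whose registrar still lists one name server from a different hosted zone.
SAMPLE_OUTPUT='Authoritative answers can be found from:
example.com nameserver = ns-0001.awsdns-00.org.
example.com nameserver = ns-0002.awsdns-00.co.uk.
example.com nameserver = ns-0003.awsdns-00.com.
example.com nameserver = ns-0999.awsdns-99.net.'

# Live use: sh check_ns.sh yourwebsite.com <ns1> <ns2> <ns3> <ns4>
if [ "$#" -ge 2 ]; then
    domain=$1; shift
    compare_ns "$(nslookup -type=ns "$domain")" "$@"
fi
```

Any UNEXPECTED or MISSING line means the registrar's name server list does not match the hosted zone that holds the validation CNAME, so the record cannot be found and the certificate stays in "pending validation".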
If this does not resolve your “pending validation” problem, here are some other things to look into:
- domain not set up properly
- make sure the CNAME is added to the correct DNS configuration
- Ensure you are using AWS US East (N. Virginia) us-east-1
Hope this helps!