aws-certificatemanager: DnsValidatedCertificate does not work with multi-zone dns validation #20774
Comments
I've also experienced this issue recently - it confused me for a few hours before I worked out that the validation in Certificate Manager was hanging/waiting on a second DNS validation. In my case, I have a domain name Pretty clear when you see it like this what the issue is: For me the workaround will just be to create a certificate that only requires one hosted zone to be used (or I could create 2 certificates). But I look forward to seeing this fixed.
@NGL321 Are there any updates on this? Just ran into this problem.
Please bring discussion on this to #8934.
Describe the bug
When requesting a certificate and specifying Subject Alternative Names spanning over multiple Route53 HostedZones and providing a mapping between hostname and hostedzone with CertificateValidation.FromDnsMultiZone, the certificate requestor tries to add validation entries into the hosted zone provided on the DnsValidatedCertificate only.
Expected Behavior
DnsValidatedCertificate should use the mappings between name and hosted zone provided in the FromDnsMultiZone mapping
Current Behavior
The custom resource returns the following message during deployment:
Reproduction Steps
Example stack (Python)
Possible Solution
The CertificateValidator provided in ICertificate should be used in DnsValidatedCertificate to build the mapping between and passed into the custom resource.
Currently, only subjectAlternativeNames is the input here:
aws-cdk/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js
Line 94 in 4537b3f
The mappings generated from CertificateValidator should be passed to the creatorlambda in addition to this:
aws-cdk/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts
Line 123 in 4537b3f
Additional Information/Context
No response
CDK CLI Version
2.27.0
Framework Version
No response
Node.js Version
v16.13.2
OS
Windows/Linux
Language
Typescript, Python
Language Version
Any
Other information
No response
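One way to do the per-zone routing that the Possible Solution section asks for, as an added example that is not the aws-cdk handler's code. The function name `planValidationChanges`, the zone IDs, domain names, record values and TTL are constructed for illustration; only the input and output shapes follow ACM `DescribeCertificate` and Route 53 `ChangeResourceRecordSets`.

```javascript
// Added example. Input shapes follow ACM DescribeCertificate
// (DomainValidationOptions) and Route 53 ChangeResourceRecordSets.
// planValidationChanges, the zone IDs, domain names and TTL are constructed.
function planValidationChanges(validationOptions, zoneByDomain, defaultZoneId) {
  const plan = new Map(); // hostedZoneId -> Map(record name -> change)
  for (const opt of validationOptions) {
    const rr = opt.ResourceRecord;
    if (!rr) throw new Error(`ACM has not issued a record for ${opt.DomainName} yet`);
    // Assumption: a wildcard name falls back to the mapping of its base name.
    const base = opt.DomainName.replace(/^\*\./, '');
    const zoneId = zoneByDomain[opt.DomainName] || zoneByDomain[base] || defaultZoneId;
    // Fail loudly instead of writing the record somewhere it cannot validate.
    if (!zoneId) throw new Error(`no hosted zone mapped for ${opt.DomainName}`);
    if (!plan.has(zoneId)) plan.set(zoneId, new Map());
    // Keyed by record name, so a record shared by several names is written once.
    plan.get(zoneId).set(rr.Name, {
      Action: 'UPSERT',
      ResourceRecordSet: {
        Name: rr.Name, Type: rr.Type, TTL: 60,
        ResourceRecords: [{ Value: rr.Value }],
      },
    });
  }
  return [...plan].map(([HostedZoneId, changes]) => ({
    HostedZoneId,
    ChangeBatch: { Changes: [...changes.values()] },
  }));
}

// Constructed sample: one certificate whose names live in two hosted zones.
const orgRecord = { Name: '_b2.app.example.org.', Type: 'CNAME', Value: '_y2.acm-validations.aws.' };
const sampleOptions = [
  { DomainName: 'app.example.com',
    ResourceRecord: { Name: '_a1.app.example.com.', Type: 'CNAME', Value: '_x1.acm-validations.aws.' } },
  { DomainName: 'app.example.org', ResourceRecord: orgRecord },
  { DomainName: '*.app.example.org', ResourceRecord: orgRecord },
];
const sampleZones = { 'app.example.com': 'ZCONSTRUCTEDCOM', 'app.example.org': 'ZCONSTRUCTEDORG' };

// Per-name mapping: one request per zone, each holding only its own record.
const multiZonePlan = planValidationChanges(sampleOptions, sampleZones);
// Single zone for everything (the behaviour reported above): a record for
// example.org is planned into the example.com zone, which is not authoritative for it.
const singleZonePlan = planValidationChanges(sampleOptions, {}, 'ZCONSTRUCTEDCOM');
console.log(JSON.stringify({ multiZonePlan, singleZonePlan }, null, 2));
```
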