DNS validated certificate handler sometimes fails with subject alternative names. #7995

Closed
magJ opened this issue May 15, 2020 · 0 comments · Fixed by #8552
Labels
@aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager bug This issue is a bug. in-progress This issue is being actively worked on. p1

magJ commented May 15, 2020

The DNS validated certificate handler only waits for the first certificate ResourceRecord to be available.
This can be a problem when using subject alternative names, as the resource records aren't necessarily all made available at the same time.

Reproduction Steps

Reproduction is sporadic.
Create a certificate request with subject alternative names, wait for it to fail.

Error Log

START RequestId: f2555d41-030b-4f5e-91b9-271ea7be8803 Version: $LATEST
2020-05-15T03:30:18.205Z f2555d41-030b-4f5e-91b9-271ea7be8803 INFO Requesting certificate for redacted
2020-05-15T03:30:19.947Z f2555d41-030b-4f5e-91b9-271ea7be8803 INFO Certificate ARN: arn:aws:acm:us-east-1:redacted:certificate/redacted
2020-05-15T03:30:19.947Z f2555d41-030b-4f5e-91b9-271ea7be8803 INFO Waiting for ACM to provide DNS records for validation...
2020-05-15T03:30:23.430Z f2555d41-030b-4f5e-91b9-271ea7be8803 INFO Caught error TypeError: Cannot read property 'Name' of undefined. Uploading FAILED message to S3.
END RequestId: f2555d41-030b-4f5e-91b9-271ea7be8803  

Environment

  • CLI Version : 1.38.0 (build d5fa31f)
  • Framework Version: 1.38.0
  • OS : macos
  • Language : typescript

Other

The lambda packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler needs to be updated to wait for all resource records, PR incoming.


This is 🐛 Bug Report
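The check the report calls for, as an added example (not code from this issue or from the CDK handler): treat the certificate as ready only when every entry in `DomainValidationOptions` carries a `ResourceRecord`, and keep polling otherwise. The function names, the injected `describe` callback, and the sample responses are assumptions constructed for illustration.

```javascript
// Constructed DescribeCertificate-shaped responses (sample data, not from the issue).
// `partial`: ACM has published the record for the primary name but not for the SAN.
const partial = { Certificate: { DomainValidationOptions: [
  { DomainName: 'example.com',
    ResourceRecord: { Name: '_a.example.com.', Type: 'CNAME', Value: '_x.acm-validations.aws.' } },
  { DomainName: 'www.example.com' }, // ResourceRecord still absent
] } };
const complete = { Certificate: { DomainValidationOptions: [
  partial.Certificate.DomainValidationOptions[0],
  { DomainName: 'www.example.com',
    ResourceRecord: { Name: '_b.www.example.com.', Type: 'CNAME', Value: '_y.acm-validations.aws.' } },
] } };

// Return every validation record, or null while any domain is still missing one.
// Checking only options[0] is what lets a later `.ResourceRecord.Name` access throw.
function validationRecordsIfReady(response) {
  const options = (response.Certificate || {}).DomainValidationOptions || [];
  const ready = options.length > 0 && options.every((o) => o.ResourceRecord);
  return ready ? options.map((o) => o.ResourceRecord) : null;
}

// Poll until all records exist. `describe` is a hypothetical injected function that
// resolves to a DescribeCertificate-shaped object, so this runs without AWS access.
async function waitForValidationRecords(describe, maxAttempts = 10, delayMs = 0) {
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const records = validationRecordsIfReady(await describe());
    if (records) return records;
    await new Promise((resolve) => setTimeout(resolve, delayMs));
  }
  throw new Error(`DNS validation records not complete after ${maxAttempts} attempts`);
}
```
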

@magJ magJ added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 15, 2020
@SomayaB SomayaB added @aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager in-progress This issue is being actively worked on. labels May 15, 2020
@skinny85 skinny85 added the p1 label May 29, 2020
jogold added a commit to jogold/aws-cdk that referenced this issue Jun 15, 2020
…icate

Automatically adding Amazon Route 53 CNAME records for DNS validation is
now natively supported by CloudFormation.

Add a `validation` prop to `Certificate` to handle both email and DNS
validation. Deprecate `DnsValidatedCertificate`.

The default remains email validation (non-breaking).

Closes aws#5831
Closes aws#5835
Closes aws#6081
Closes aws#6516
Closes aws#7150
Closes aws#7941
Closes aws#7995
Closes aws#7996
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Jun 15, 2020
@mergify mergify bot closed this as completed in #8552 Jul 10, 2020
mergify bot pushed a commit that referenced this issue Jul 10, 2020
…cate (#8552)

Automatically adding Amazon Route 53 CNAME records for DNS validation is
now natively supported by CloudFormation.

Add a `validation` prop to `Certificate` to handle both email and DNS
validation. `DnsValidatedCertificate` is now only useful for cross-region
certificate creation.

The default remains email validation (non-breaking).

Closes #5831
Closes #5835
Closes #6081
Closes #6516
Closes #7150
Closes #7941
Closes #7995
Closes #7996
Closes #8282 
Closes #8659
Closes #8783

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*