Remediation
Re-initiate ACM Certificate Validation (Email Validation)
For Amazon Certificate Manager (ACM) certificates that have failed or timed out during email-based validation, re-initiate the validation process by resending the domain validation email using the AWS CLI.
Note
The steps below apply only to certificates that use email validation. Certificates that use DNS validation cannot use the email resend operation and require updates to the domain's DNS configuration instead.
A common reason for DNS-based validation failure is that the required DNS CNAME record generated by ACM was not created or was created incorrectly. To remediate this issue, review the DNS validation (CNAME) instructions provided by ACM and request a new certificate, ensuring the DNS records are correctly configured before validation.
From AWS CLI
- Resend the domain validation email for the affected ACM certificate by running the following command. Replace the placeholders with values specific to your environment:
  aws acm resend-validation-email \
    --certificate-arn {{certificate-arn}} \
    --domain {{www.yourdomain.com}} \
    --validation-domain {{yourdomain.com}}
- After the request is submitted, Amazon ACM sends a validation email to the domain registrant, administrative, and technical contacts, as well as to common domain mailbox addresses (for example, admin@, administrator@, hostmaster@, postmaster@, and webmaster@).
- To complete the validation process, open the validation link included in these emails. ACM also sends validation emails to these same addresses to renew the certificate when the certificate is 45 days from expiry.
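A pre-check for the resend step above, given here as an added example that is not part of the original page: it reads the per-domain validation details of a certificate and prints the resend command only for domains that use email validation and are not yet validated. The function name plan_resend, the helper sample_rows, the sample rows and the placeholder ARN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Rows on stdin are tab-separated, as printed by:
#   aws acm describe-certificate --certificate-arn "$ARN" --output text --query \
#     'Certificate.DomainValidationOptions[].[DomainName,ValidationDomain,ValidationMethod,ValidationStatus]'

# plan_resend ARN: print the resend command for each domain that qualifies,
# or the reason it does not. Runs in a subshell so its variables stay local.
plan_resend() (
  arn="$1"
  tab=$(printf '\t')
  while IFS="$tab" read -r domain vdomain method status; do
    [ -n "$domain" ] || continue
    if [ "$method" != "EMAIL" ]; then
      echo "SKIP $domain: method is $method, email resend does not apply; check the CNAME record"
    elif [ "$status" = "SUCCESS" ]; then
      echo "SKIP $domain: already validated"
    else
      # The CLI prints None for an unset ValidationDomain; this script falls back to the domain.
      if [ "$vdomain" = "None" ]; then vdomain="$domain"; fi
      # --validation-domain must be the domain itself or a superdomain of it.
      case "$domain" in
        "$vdomain"|*".$vdomain")
          echo "aws acm resend-validation-email --certificate-arn '$arn' --domain '$domain' --validation-domain '$vdomain'" ;;
        *)
          echo "ERROR $domain: '$vdomain' is neither the domain nor a superdomain of it" ;;
      esac
    fi
  done
)

# Constructed sample rows (not real describe-certificate output).
sample_rows() {
  printf 'www.example.com\texample.com\tEMAIL\tPENDING_VALIDATION\n'
  printf 'api.example.com\tapi.example.com\tDNS\tPENDING_VALIDATION\n'
  printf 'shop.example.com\texample.org\tEMAIL\tFAILED\n'
  printf 'mail.example.com\tNone\tEMAIL\tSUCCESS\n'
}

# Placeholder ARN; replace with the ARN of the affected certificate.
sample_rows | plan_resend "arn:aws:acm:REGION:ACCOUNT_ID:certificate/EXAMPLE"
```

Review the printed plan before running any of the commands it lists; the script itself makes no AWS calls.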