i have bought a domain, for example examp.com, by hoster x.
A little bit later i have realized that aws is better for me.
I have register a hosted zone with my domain and change the NS-records by hoster x to the NS-Server from my hosted zone.
It works perfect!
But now i would like to whitelabeling my website.
For example a client have a domain abc.de and he would like to access my website with a subdomain sub.abc.de.
My idea was to create a CNAME-Record on sub.abc.de that points to examp.com.
But that not work (Not Found - The requested URL was not found on this server.).
I have read that the target server gotta know from the CNAME-Record that points to him. But i don't know how can i do that. In my hosted zone i can only register subdomains for examp.com for a ALIAS or so but not for another domain.
Can anybody help me?
If they control the domain of abc.de they are able to create the record their side for sub.abc.de as a CNAME record with the value set as your domain (examp.com).
They should never be attempting to CNAME to your NS server records, these are records for where your DNS records can be retrieved from.
Other than you providing the CNAME value of examp.com to them it is upto them to configure their DNS to target your hostname.
Our project is deployed on Elastic Beanstalk and I want to run this on HTTPs. I created my certificate on AWS Certificate Manager and choose DNS verification option. I added provided data in my Godaddy DNS records. Below is my sample data
Domain Name | Record Name | Record Type | Record Value
example.com | _8046ecb910c52234234234234232ecae.example.com. | CNAME | _81b05686qweerttcxsaxasdadas5a566.tljzshvwok.acm-validations.aws.
*.example.com | _8046ecb910c52234234234234232ecae.example.com. | CNAME | _81b05686qweerttcxsaxasdadas5a566.tljzshvwok.acm-validations.aws.
AWS has given my two records for example.com and *.example.com but both records are same. So I added one CNAME record in Godaddy DNS entries. I waited for three days and my certificate was still in pending state which in the end expired. I created a new one and I have been waiting for 24 hours and it is still in pending state. I cannot use Email verification method as I am not owner of this domain.
An apparently common error is to paste the entire hostname into a box that does not expect an FQDN, thus creating a record that actually looks like this in DNS (though you may not observe it this way on the screen):
_8046ecb910c52234234234234232ecae.example.com.example.com
For the "hostname," just use _8046ecb910c52234234234234232ecae when creating the record.
After creating it, use dig or nslookup to verify that it resolves as expected.
I had similar issue with AWS certificate in 'Pending validation' state for quite some time. After few tries I finally got it to get in 'Success' state. It might vary by domain registrar , in my case it was NameCheap.
Refer the screenshots from AWS ACM and NameCheap to follow the step that got it working for me:
I also had this issue and waited a day but still Pending Validation. I followed answers here but still got confused and Pending Validation so I decided to share the step by step of what worked for me in NameCheap.
In AWS:
Export the DNS configuration file. It will have something like this.
Domain Name,Record Name,Record Type,Record Value
mysite.io,_beocc4be975f27599f5d77f87af84321.mysite.io.,CNAME,_6ae531c5dad6c5ceeefd65a73d532881.dumrqilasr.acm-validations.aws.
In NameCheap:
Choose "Domain" tab > NameServers - Choose NameCheap Basic DNS
Choose "Advanced DNS" tab > Host Records
Under Type, choose "CNAME record"
Under Host, use the value in "Record Name". Do not include the domain name.
_beocc4be975f27599f5d77f87af84321.
Under Value, use the value in "Record Value". Copy everything.
_6ae531c5dad6c5ceeefd65a73d532881.dumrqilasr.acm-validations.aws.
Under TTL, choose "Automatic"
Save the settings by clicking the check icon right beside TTL.
In AWS:
Refresh the AWS Certificate Manager after 2-5 minutes. It should only take a few minutes for Amazon status to change from Pending Validation to Issued.
I have the same pending-forever issue with the domain which I registered at Freenom because I forgot to set the name servers from AWS Route 53 to Freenom.
Name servers from AWS Route 53:
*(ns means name server)
Set the name servers above to Freenom:
Then, it was validated from pending. However, even if I set name servers to Freenom, it sometimes takes a forever time to be validated. In this case, I delete the request and make a new request a few hours later again, then, it is validated properly.
Optionally saying, we registered the domains at the domain providers like GoDaddy, Namecheap, Freenow and so on, then, we need to set the name servers from AWS Route 53 to GoDaddy, Namecheap, Freenow and so on. Finally, our domains will be validated from AWS Certificate Manager.
I needed the same solution as #Kai - had to add the NS records to the primary domain. But my situation was a little bit different:
I'm using AWS Route53 for my domains
with the root domain (example.com.au) in a different AWS account
and a subdomain (subdomain.example.com.au) in the account where I'm creating the certificate
Because it's all within AWS I could just click the "create record in Route 53" button to get the verification record automatically added... but the certificate would not resolve
THE PROBLEM : the subdomain was not resolving through to the root domain
HOW I FOUND IT : dig +trace subdomain.example.com.au
that SHOULD return a string of responses from . then au. then com.au. then example.com.au. and finally subdomain.example.com.au.
it did not return the subdomain record, which was the clue that the link between the subdomain and the root domain was not correct.
adding the NS records from the subdomain as a CNAME record on the root domain (similar to Kai's answer) caused the validation to complete almost immediately.
That is my api gw with cloudflare! It works already.
I registered an .link domain name with Route53 and experimented a little bit with it.
First I created an record to route traffic to my S3 static webpage. After that I deployed an Elastic Beanstalk app and tried to route the traffic to the Elastic IP of my EB instance.
I am getting the whole time "no response" messages. When I do a test on the record set, I am getting the right IP in the "Response returned by Route 53" field.
I even done an whois request on my domain name, and nowhere were mentioned the information I entered during the registration.
Did I forget something or do I have to pay attention on something?
I noticed that the Domain name status code is blank for this domain name.
Like you, I'm using Route53 to route traffic to an Elastic Beanstalk instance.
In EB, under "All Applications", I have a running application with a URL ending in ".elasticbeanstalk.com"
Then, in Route 53, I have a record which routes a particular subdomain to my EB URL:
The blank Domain name status has nothing to do with the problem. The domain name works now and the Domain name status is still blank.
The problem was that the nameservers for the registered domain not matched the nameservers of the hosted zone. The support provided me the correct namerservers, I replaced the nameservers of the registered domain and the hosted zone with the one the support provided me and everything works fine.
Kind regards
I have been trying to connect my domain with my elastic beanstalk instance.
My domain was purchased off GoDaddy and I have updated the nameservers to point to AWS and verified through dig. If dig comes up with the NS, it means GoDaddy is properly configured to point to the DNS right?
The Test Record Set function also does not show any error and has a proper response returned which has NOERROR
Problem is I still receive an ERR_NAME_NOT_RESOLVED everytime I try to load the website on browsers even tried on different devices
I have also checked the alias used in my Hosted Zone and its up and running
What I have already done:
Initialized and created Beanstalk environment - Up and Running
Public Hosted Zone - Created A record for www.mysite.com
GoDaddy DNS NS - updated with AWS 4 nameservers
Checks I have done:
Internal Test Record for A www.mysite.com
Dig Command
What could I be missing?
UPDATE***
So I figured "www.mysite.com' was working but 'mysite.com' alone was not. I'm assuming route53 will automatically use the www A record? But seems like its not?
Hope ya'll could help
Thanks!
Got it to work.
Looks like besides creating a www A record, I had to create a record for the root domain i.e mysite.com in the Record Set of my Hosted Zone
Solved!
It's been couple of days that I transferred my domain name from one AWS to another--dev environment to production. The problem is, the domain name isn't showing up in any DNS (Amazon or Google). I'm pretty sure I've configured the hosted zone correctly.
I'm also trying to verify SES which is failing and I also set MX records (Gmail) which don't work. The MX records and SES were set couple of days ago. Additionally, I created an A record to point to a elastic load balancer DNS name.
Any suggestions on what might be the problem? It's been couple of days and from past StackOverflow posts as well as past experience, DNS propagation on Amazon's server doesn't take more than 15 minutes.
EDIT:
Here is a timeline of events which can provide more information:
I had a domain abc.com on AWS account user1
The domain was transfered to AWS account user2
As of right now, the following hosted zone is created on user2's account:
The one thing this record set is missing is a CNAME to the load balancer which I had setup when the domain belonged to user1. However my understanding is that an A record should be good enough and it was a mistake on my part.
I'm using Windows and so I've flushed my DNS. I've tried looking up using AWS's DNS servers and Google's DNS server and nothing.
C:\>nslookup abc.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
*** google-public-dns-a.google.com can't find abc.com: Server failed
It's been a couple of days since the domain was transferred. MX records were something I setup immediately and so I haven't gotten an email. If the DNS doesn't have any clue about the domain name, something must be wrong.
NOTE: The domain name is obfuscated to abc.com.
As suggested by #michael-sqlbot, the name servers were different in the console and hosted zone. I updated the name servers to the NS of the hosted zone. I see DNS propagation.