Verify an SSL/TLS certificate in Amazon Lightsail - Amazon Lightsail

Verify an SSL/TLS certificate in Amazon Lightsail

After you create an SSL/TLS certificate in Lightsail, you need to verify that you control all the domains and subdomains that you added to the certificate.

Contents

Step 1: Create a Lightsail DNS zone for your domain

If you haven't done so already, create a Lightsail DNS zone for your domain. For more information, see Create a DNS zone to manage your domain’s DNS records

Step 2: Add records to your domain's DNS zone

The certificate that you created provides a set of canonical name (CNAME) records. You add these records to your domain's DNS zone to verify that you own or control that domain.

Important

Lightsail will attempt to automatically verify that you control the domains or subdomains you specified while creating the certificate. After you select Create certificate, the CNAME records will be added to your domain's DNS zone. The certificate's status will change from Attempting to validate your certificate, to Valid, in use if automatic validation is successful.

Proceed to the following steps if automatic validation fails.

In the following steps, we'll show you how to get the CNAME records and add them to your domain's DNS zone in the Lightsail console.

  1. Sign in to the Lightsail console.

  2. On the Lightsail home page, choose Account on the top navigation menu.

  3. Choose Account in the dropdown menu.

  4. Choose the Certificates tab.

  5. Find the certificate that you want to verify, and make note of the Name and Value of the CNAME records that you must add for each domain

    Press Ctrl+C if you’re using Windows, or Cmd+C if you’re using Mac, to copy them to your clipboard.

    
            Certificate pending validation with domains and subdomains.
  6. Open a text editor, such as Notepad if you're using Windows, or TextEdit if you're using Mac. In the text file, press Ctrl+V if you’re using Windows, or Cmd+V if you’re using Mac, to paste the values into the text file.

    Leave this text file open; you will need these CNAME values when adding the records to your domain's DNS zone later in this guide.

    
            Text file with certificate CNAME records.
  7. Choose Home on the top navigation bar of the Lightsail console.

  8. Choose Domains & DNS on the Lightsail home page.

  9. Choose the DNS zone for the domain that will use the certificate.

  10. Choose Add record in the DNS records tab.

  11. Choose CNAME for the record type.

  12. Toggle to the text file that contains the CNAME records for your certificates.

    Copy the Name of the CNAME record. For example, _1bfb0b9ef15a50f9041e559d2c67b760.

  13. Toggle to the DNS records page and paste the Name into the Record name field.

    Important

    Adding a CNAME record that contains the domain name (such as .example.com) will result in duplication of the domain name (such as .example.com.example.com). To avoid duplication, edit the entry so that only the part of the CNAME that you need is added. This would be _1bfb0b9ef15a50f9041e559d2c67b760.

  14. Copy the Value of the CNAME record. For example, _c9a0c385eda13283350e35f297469a13.hkvuiqjoua.acm-validations.aws..

  15. Toggle to the DNS records page and paste the Value into the Route traffic to field.

  16. Choose Save to add the record.

  17. If you have alternate subdomains, choose Add record to add another record.

    Note

    To learn more about alternate domains or subdomains, see Add alternate domains and subdomains to your SSL/TLS certificate in Amazon Lightsail.

  18. Repeat steps 11 - 17 to add the CNAME record(s) for the alternate subdomains.

    You can also add an alias (A) record to point to your load balancer, or other Lightsail resources while you're on the DNS zone management page.

    When finished, your DNS zone should look like the following screenshot.

    
            CNAMES in Lightsail ready to be submitted for validation.

    After some time, your domain is verified and you will see the following message on the certificate.

    
            Successful validation of domain.

Next step

Once your domain is verified, you are ready to Attach a validated SSL/TLS certificate to your load balancer.