I'm having some trouble understanding how to replace my imported wildcard cert with an AWS-issued one without taking my site offline. Currently I have an imported SSL certificate in ACM. In the DNS I have a record such as:
*.example.com A Simple - 11.22.33.44
which redirects any implicit subdomain to a specific place.
I want to issue a wildcard certificate directly in ACM, but to do that I need to create a CNAME record for *.example.com, which apparently is invalid, as two records cannot share the same record name.
Is there any way to do this without removing the wildcard DNS record?
Thanks
CodePudding user response:
I've never used imported certificates in AWS; I have only used certificates issued by AWS (and domains registered in AWS), so maybe I'm wrong.
If I remember correctly, when you create a certificate in AWS Certificate Manager, you choose your domain (mydomain.com), then you add another domain (*.mydomain.com) so all the first-level subdomains are covered (and you can add more of them).
Then, as the validation method, choose "DNS validation", and AWS generates a set of CNAME records to add to your DNS table in Route53, like these:
| Domain Name | Record Name | Record Type | Record Value |
|---|---|---|---|
| mydomain.com | _[32_chars_alphanumeric_string].mydomain.com. | CNAME | _[another_32_chars_alphanumeric_string].asdasdasda.acm-validations.aws. |
| *.mydomain.com | _[32_chars_alphanumeric_string].mydomain.com. | CNAME | _[another_32_chars_alphanumeric_string].asdasdasda.acm-validations.aws. |
At this point you can add them manually to your DNS table, or tell AWS to do it for you. And you have finished.
In my DNS table I do not need a CNAME with the wildcard for my domain (*.mydomain.com) for the certificate, because I have the records shown above (look at the record names).
I do not know if I have answered your question, I hope this information can be useful to you.
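To make the answer's point concrete, here is an added example (not from the original post or from AWS) that applies the "a CNAME must be alone at its owner name" rule to a zone holding the asker's wildcard A record. It shows that ACM's validation CNAMEs, which live at `_<token>.example.com`, do not collide with `*.example.com`, while a CNAME placed at the wildcard name itself would. All names, tokens and addresses are constructed placeholders.

```python
# Added example (not from the original post): check that the CNAMEs ACM hands
# out for DNS validation can coexist with a zone that already holds a wildcard
# A record. Names, tokens and addresses below are constructed placeholders.
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str    # owner name, with or without trailing dot
    rtype: str   # "A", "CNAME", ...
    value: str

def canon(name: str) -> str:
    """Normalise an owner name: lowercase, exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."

def find_conflicts(zone, new_cnames):
    """Return (owner_name, reason) for each new CNAME that cannot be added.
    A CNAME must be the only record at its owner name (RFC 1034 s3.6.2) and
    Route 53 rejects a change that would break that. An identical CNAME that
    is already present is not a conflict: ACM shows the same validation
    record for the apex and the wildcard, so the second copy is a duplicate.
    """
    by_name = {}
    for r in zone:
        by_name.setdefault(canon(r.name), []).append(r)
    conflicts = []
    for c in new_cnames:
        n = canon(c.name)
        existing = by_name.get(n, [])
        if not existing:
            by_name[n] = [c]       # treat as added so later checks see it
        elif all(r.rtype == "CNAME" and r.value == c.value for r in existing):
            pass                   # same validation record, already in place
        else:
            types = sorted({r.rtype for r in existing})
            conflicts.append((n, f"CNAME would collide with existing {types}"))
    return conflicts

# Constructed zone: the asker's wildcard A record plus an apex A record.
ZONE = [Record("*.example.com", "A", "11.22.33.44"),
        Record("example.com", "A", "11.22.33.44")]
# Constructed stand-in for the two rows ACM shows for example.com and
# *.example.com (same owner name, same target, as in the answer's table).
ACM_VALIDATION = [
    Record("_acmtoken.example.com.", "CNAME", "_acmvalue.acm-validations.aws."),
    Record("_acmtoken.example.com.", "CNAME", "_acmvalue.acm-validations.aws."),
]
# The reading the question assumed: a CNAME at the wildcard name itself.
WRONG_CNAME = [Record("*.example.com", "CNAME", "_acmvalue.acm-validations.aws.")]
```

Running `find_conflicts(ZONE, ACM_VALIDATION)` returns an empty list, while `find_conflicts(ZONE, WRONG_CNAME)` reports the collision with the existing A record, which is the error the question ran into.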