[AWS] How to perform ACM DNS authentication using IDCF cloud DNS
Hello.
This is Miyazaki from the SS Team, Operations Management Division.
This time, I will write about performing AWS ACM (AWS Certificate Manager) DNS authentication
with the IDCF cloud DNS service instead of Route53.
Background
Personally, I wanted to install a certificate on AWS's ELB using a domain managed by the IDCF cloud DNS service in order to verify that WordPress is HTTPS, so I decided to use ACM.
I usually use Route53 for DNS authentication, so with just the click of a button, DNS authentication is completed and a certificate is issued before you know it.
However, this time, since the domain was managed by IDCF Cloud's DNS service, it was necessary to perform DNS authentication using IDCF Cloud's DNS service.
Actual steps and some points I stumbled upon
1. Request a certificate on ACM
2. Select Request Public Certificate
3. Enter the domain name of the certificate you want to create
4. Select Verify DNS
5. Check that each item is correct and select "Confirm and Request"
6. Check the validation status.
It's now "Pending Verification".
Use the "name" and "value" in the red frame for DNS authentication.
Now let's move on to the DNS side settings
7. Select record registration from IDCF's DNS service
8. Enter record information
① "Type": Select CNAME.
② "Record Name": Enter the "Name" item confirmed in step 6.
Note that the trailing . is already included, so check that the name does not end up with consecutive dots, such as _XXXXXX..domain name.
③ "Value": Enter the "Value" item confirmed in step 6.
IDCF Cloud does not allow you to enter an _ (underscore) at the beginning of the value.
AWS's official guide says that, as a workaround when underscores are prohibited, you can register the value without the underscore.
Troubleshooting DNS validation issues
If your DNS provider prohibits CNAME values starting with an underscore, remove the underscore from the value provided by ACM and verify your domain. For example, you can change the CNAME value _x2.acm-validations.aws to x2.acm-validations.aws for validation purposes.
Also, as mentioned in the note under "Value", the trailing dot is unnecessary, so delete it.
Based on all of the above, it will now look like the image below, so let's register it.
After about 5 minutes, I was able to confirm that I was authenticated on AWS.
These are the steps.
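The name and value handling from step 8, as an added Python example that is not part of the original post. The function names and the record name `_x1.example.com.` are constructed for illustration; the value reuses the `_x2.acm-validations.aws` example from the AWS guide quoted above.

```python
"""Prepare an ACM DNS-validation CNAME for a DNS provider that rejects a
leading underscore in the value. Sample values are constructed."""

ACM_NAME = "_x1.example.com."           # constructed "Name" as shown by ACM
ACM_VALUE = "_x2.acm-validations.aws."  # "Value" in the form used by the AWS guide


def _fqdn(s: str) -> str:
    """Lower-case, drop one trailing dot, and reject empty labels ('..')."""
    s = s.strip().lower()
    if s.endswith("."):
        s = s[:-1]
    if not s or "" in s.split("."):
        raise ValueError(f"empty label (consecutive dots?) in {s!r}")
    return s


def provider_fields(acm_name: str, acm_value: str) -> dict:
    """Return the CNAME fields to type into the provider's record form."""
    name = _fqdn(acm_name)
    value = _fqdn(acm_value)
    # AWS's troubleshooting page requires the record *name* to keep its
    # leading underscore; only the value may lose it.
    if not name.startswith("_"):
        raise ValueError("record name must start with an underscore")
    return {"type": "CNAME", "name": name, "value": value.removeprefix("_")}


def record_matches(acm_name, acm_value, seen_name, seen_target) -> bool:
    """True if a looked-up CNAME (seen_name -> seen_target) is the record
    ACM asked for, allowing the underscore workaround on the target."""
    if _fqdn(seen_name) != _fqdn(acm_name):
        return False
    want, got = _fqdn(acm_value), _fqdn(seen_target)
    return got in (want, want.removeprefix("_"))


if __name__ == "__main__":
    print(provider_fields(ACM_NAME, ACM_VALUE))
    # Compare against what a CNAME lookup of the record name returned.
    print(record_matches(ACM_NAME, ACM_VALUE,
                         "_x1.example.com.", "x2.acm-validations.aws."))
```

Feeding `record_matches` the answer from a CNAME lookup of the record name shows whether the registered record is the one ACM is waiting for while the status is still pending.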
Conclusion
The steps introduced this time are not limited to IDCF DNS; I think they will also be helpful for any DNS service where _ (underscore) cannot be used in the "value".
It's not a big deal, but when I first tried it, I didn't really understand where I was stumbling.
I would be happy if I could be of some help.