[AWS] How to perform ACM DNS authentication using IDCF cloud DNS

Hello.
I'm Miyazaki from the SS Team, Operations Management Division.

This time, I will write about my attempt to authenticate DNS for AWS ACM (AWS Certificate Manager)
using IDCF Cloud's DNS service instead of Route53.

 

Background

To personally verify the HTTPS implementation of WordPress, I wanted to use a domain managed by IDCF Cloud's DNS service
to set up a certificate on AWS's ELB, so I ended up using ACM.

Normally, we use Route53 for DNS authentication, so all we need to do is click a button and the DNS authentication is completed and the certificate is issued.
However, this time, the domain was managed by IDCF Cloud's DNS service, so we had to use IDCF Cloud's DNS service for DNS authentication.

 

Actual steps and some stumbling points

1. Request a certificate from ACM

2. Select Request a public certificate

3. Enter the domain name for the certificate you want to create

4. Select DNS Verification

5. Check that each item is correct and select "Confirm and request."

6. Check the validation status.
It will now be "Pending validation."
Use the "Name" and "Value" in the red box for DNS validation.

Now we move on to the DNS settings.
7. From the IDCF DNS service, select Register Records.

8. Enter the record information

   1. Select "Type" - CNAME
   2. Enter the "Name" field confirmed in step 6 for "Record Name".
      Note that the final "." is already there, so make sure there are no consecutive "."s, such as _XXXXXX..domain name.
   3. Enter the "Value" field confirmed in step 6 for "Value".
      IDCF Cloud does not allow the entry of an "_" (underscore) at the beginning of a value.
      According to the official AWS guide, if underscores are prohibited, it is okay to register without an underscore as a workaround.

      Troubleshooting DNS validation issues:
      "If your DNS provider prohibits CNAME values that begin with an underscore, remove the underscore from the value provided by ACM and validate your domain. For example, you can change the CNAME value _x2.acm-validations.aws to x2.acm-validations.aws for validation purposes."

      Also, as noted in the "Value" note, the trailing dot is unnecessary, so delete it.

Taking all of the above into consideration, the entry ends up as in the image below, so let's register it.

After about 5 minutes, I was able to confirm on AWS that I had been authenticated.

That's the procedure.
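The adjustments from step 8, as an added example that is not part of the original article: it turns the "Name" and "Value" shown by ACM into the fields to type in, and checks a looked-up CNAME target against the ACM value. It assumes the console appends the zone name to "Record Name"; the function names and the sample record name are constructed.

```python
"""Added example: adapt an ACM validation CNAME for a DNS console that appends
the zone to the record name and rejects values starting with "_".
Function names and sample values are constructed, not from the article."""


def _norm(name):
    # DNS names are case-insensitive; drop the trailing root dot.
    return name.strip().lower().rstrip(".")


def _no_underscore(value):
    # Workaround quoted from the AWS troubleshooting guide: drop the leading "_".
    return value[1:] if value.startswith("_") else value


def to_console_record(acm_name, acm_value, zone):
    """Return what to enter in the Type / Record Name / Value fields."""
    name, zone = _norm(acm_name), _norm(zone)
    suffix = "." + zone
    if not name.endswith(suffix):
        raise ValueError(f"{acm_name!r} is not inside zone {zone!r}")
    label = name[: -len(suffix)]  # assumption: the console adds ".<zone>" itself
    if "" in label.split("."):    # catches "_XXXXXX..domain" style input
        raise ValueError(f"empty label in {acm_name!r}")
    return {"type": "CNAME", "record_name": label,
            "value": _no_underscore(_norm(acm_value))}


def cname_matches(observed_target, acm_value):
    """True if a looked-up CNAME target equals the ACM value, with or without "_"."""
    expected = _norm(acm_value)
    return _norm(observed_target) in {expected, _no_underscore(expected)}


if __name__ == "__main__":
    # Constructed values in the shape ACM shows in step 6.
    acm_name, acm_value = "_3f2a9c.www.example.com.", "_x2.acm-validations.aws."
    print(to_console_record(acm_name, acm_value, "example.com"))
    # Target as a lookup tool would print it after the record is registered.
    print(cname_matches("x2.acm-validations.aws.", acm_value))
```

Checking the target returned by a CNAME lookup of the validation name with `cname_matches` shows whether the record was entered correctly before waiting on the ACM console.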

Conclusion

The steps I introduced this time will be useful not only for IDCF DNS but also for any DNS that does not allow underscores (_) in the "value".
It's not a big deal, but when I first tried it, I didn't really understand where I was getting stuck.

I hope this is of some help.

About the author

Kenta Miyazaki

I joined Beyond in 2017 as a new graduate.

We provide 24-hour, 365-day operation, maintenance, and monitoring services for servers and clouds used by companies that primarily provide web-based services.
I belong to the System Solutions Department, and my job is to improve Beyond's operations so that our customers can focus on their business.

Certifications: AWS Certified Solutions Architect, GCP Professional Cloud Architect, Linuc1