Troubleshooting certificate requests - Amazon Certificate Manager
Request times outRequest fails
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Troubleshooting certificate requests

Consult the following topics if you encounter problems when requesting an ACM certificate.

Certificate request times out

Requests for ACM certificates time out if they are not validated within 72 hours. To correct this condition, open the console, find the record for the certificate, click the checkbox for it, choose Actions, and choose Delete. Then choose Actions and Request a certificate to begin again. For more information, see DNS validation or Email validation. We recommend that you use DNS validation if possible.

Certificate request fails

If your request fails ACM and you receive one of the following error messages, follow the suggested steps to fix the problem. You cannot resubmit a failed certificate request – after resolving the problem, submit a new request.

Error message: No Available Contacts

You chose email validation when requesting a certificate, but ACM could not find an email address to use for validating one or more of the domain names in the request. To correct this problem, you can do one of the following:

  • Ensure that you have a working email address that is registered in WHOIS and that the address is visible when performing a standard WHOIS lookup for the domain names in the certificate request. Typically, you do this through your domain registrar.

  • Ensure your domain is configured to receive email. Your domain's name server must have a mail exchanger record (MX record) so ACM's email servers know where to send the domain validation email.

Accomplishing just one of the preceding tasks is enough to correct this problem; you don't need to do both. After you correct the problem, request a new certificate.

For more information about how to ensure that you receive domain validation emails from ACM, see (Optional) Configure email for your domain or Not receiving validation email. If you follow these steps and continue to get the No Available Contacts message, then report this to Amazon so that we can investigate it.

Error message: Additional Verification Required

ACM requires additional information to process this certificate request. This happens as a fraud-protection measure if your domain ranks within the Alexa top 1000 websites. To provide the required information, use the Support Center to contact Amazon Web Services Support. If you don't have a support plan, post a new thread in the ACM Discussion Forum.

Note

You cannot request a certificate for Amazon-owned domain names such as those ending in amazonaws.com, cloudfront.net, or elasticbeanstalk.com.

Error message: Invalid Public Domain

One or more of the domain names in the certificate request is not valid. Typically, this is because a domain name in the request is not a valid top-level domain. Try again to request a certificate, correcting any spelling errors or typos that were in the failed request, and ensure that all domain names in the request are for valid top-level domains. For example, you cannot request an ACM certificate for example.invalidpublicdomain because "invalidpublicdomain" is not a valid top-level domain. If you continue to receive this failure reason, contact the Support Center. If you don't have a support plan, post a new thread in the ACM Discussion Forum.

Error message: Other

Typically, this failure occurs when there is a typographical error in one or more of the domain names in the certificate request. Try again to request a certificate, correcting any spelling errors or typos that were in the failed request. If you continue to receive this failure message, use the Support Center to contact Amazon Web Services Support. If you don't have a support plan, post a new thread in the ACM Discussion Forum.