DnsValidatedCertificate doesn't support validationDomains #7777
Comments
jimfum
added
feature-request
|
Nop I think this is a misunderstanding on your side. Both in cdk and not cdk (cloudformation, api, ui) etc.. you can provide alternative names only for the same domain. So you create a certificate for
And it doesn't really matter, which one is the main domain name and which are the alternative names, most important they all belong to the same domain name (i.e. same hosted zone). |
|
Getting confused here. Through the console I've created a single certificate for link.company.com with alternative names link.company.co.uk and link.company.ie. I've validated the individual domains by manually adding verification entries to zones company.com, company.co.uk and company.ie. The certifikace was validated and was usable in CloudFront. |
|
Hmm my bad then. I always thought this is not possible at least in cfn. Need to verify. Otherwise you probably have found then a missing feature in cdk |
|
Thanks. There was a fix to make DnsValidatedCertificate working with your scenario a while back I noticed but my use case isn't covered. The Certificate construct can do it (without the validation part obviously) while DnsValidatedCertificate cannot even though it gives impression it can based on the similar documentation as Certificate. |
SomayaB
added
the
@aws-cdk/aws-certificatemanager
SomayaB
added
documentation
skinny85
changed the title
|
Hi @jimfum , thanks for opening the issue, but Are you saying it doesn't work somehow for your use case? Thanks, |
skinny85
added
guidance
|
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
github-actions
bot
added
the
closing-soon
|
Hi @skinny85, That is right. It didn't work for my use case which is a certificate for a.company.com with alternative names like a.company.co.uk and a,company.ca. One would expect the domain ownership verification records to be created in all three domains but that didn't happen (only in the first .com one did) making the certificate to be never validated. The documentation, by mentioning validationDomains property, gives an impression it's possible but I haven't managed. It's confusing as there's the hostedZone property which is where the domain validation record is created for the main domain (.com) but for the others CDK doesn't ask for their hostedZones so does it try to infer them from validationDomains strings? Thanks, |
github-actions
bot
removed
closing-soon
SomayaB
added
the
response-requested
|
Hi @jimfum , You're correct that the Native CloudFormation support for DNS validation was just added to the CDK via #8552. There is an example usage of it here; this should be included in the next release. The |
|
Hi @njlynch, This looks like exactly what I'm after. Is it realistic to expect release 1.52 will contain that? Thanks a lot |
Yes, the above should be included in the next release (1.52). |
github-actions
bot
removed
the
response-requested
|
@njlynch, 1.52 is out and Certificate does what I need. A small thing, when destroying, the DNS validation entries aren't removed. |
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-certificatemanager.DnsValidatedCertificate.html
Issue: The docs offers optional validationDomains prop which suggests you can create one certificate for e.g. click.mydomain.com and click.mydomain.co.uk (through subjectAlternativeNames) and specify the parent domains for both where the domain validation happens. However, at the same time there's a mandatory prop hostedZone - one zone in which the validation record is created (i.e. cannot be both mydomain.com and mydomain.co.uk).
This is a 📕 documentation issue
The text was updated successfully, but these errors were encountered: