DnsValidatedCertificate doesn't support validationDomains #7777
Comments
Nope, I think this is a misunderstanding on your side. Both in cdk and not cdk (cloudformation, api, ui) etc. you can provide alternative names only for the same domain. So you create a certificate for
And it doesn't really matter, which one is the main domain name and which are the alternative names, most important they all belong to the same domain name (i.e. same hosted zone).
Getting confused here. Through the console I've created a single certificate for link.company.com with alternative names link.company.co.uk and link.company.ie. I've validated the individual domains by manually adding verification entries to zones company.com, company.co.uk and company.ie. The certificate was validated and was usable in CloudFront.
Hmm my bad then. I always thought this is not possible at least in cfn. Need to verify. Otherwise you probably have found then a missing feature in cdk
Thanks. There was a fix to make DnsValidatedCertificate working with your scenario a while back I noticed but my use case isn't covered. The Certificate construct can do it (without the validation part obviously) while DnsValidatedCertificate cannot even though it gives impression it can based on the similar documentation as Certificate.
Hi @jimfum, thanks for opening the issue, but Are you saying it doesn't work somehow for your use case? Thanks,
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
Hi @skinny85, That is right. It didn't work for my use case which is a certificate for a.company.com with alternative names like a.company.co.uk and a.company.ca. One would expect the domain ownership verification records to be created in all three domains but that didn't happen (only in the first .com one did) making the certificate to be never validated. The documentation, by mentioning validationDomains property, gives an impression it's possible but I haven't managed. It's confusing as there's the hostedZone property which is where the domain validation record is created for the main domain (.com) but for the others CDK doesn't ask for their hostedZones so does it try to infer them from validationDomains strings? Thanks,
Hi @jimfum, You're correct that the Native CloudFormation support for DNS validation was just added to the CDK via #8552. There is an example usage of it here; this should be included in the next release. The
Hi @njlynch, This looks like exactly what I'm after. Is it realistic to expect release 1.52 will contain that? Thanks a lot
Yes, the above should be included in the next release (1.52).
@njlynch, 1.52 is out and Certificate does what I need. A small thing, when destroying, the DNS validation entries aren't removed.
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-certificatemanager.DnsValidatedCertificate.html
Issue: The docs offer optional validationDomains prop which suggests you can create one certificate for e.g. click.mydomain.com and click.mydomain.co.uk (through subjectAlternativeNames) and specify the parent domains for both where the domain validation happens. However, at the same time there's a mandatory prop hostedZone - one zone in which the validation record is created (i.e. cannot be both mydomain.com and mydomain.co.uk).
This is a 📕 documentation issue
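An added example, not part of the thread and not aws-cdk code: a pre-deployment check that maps every name on a certificate to the hosted zone that could hold its DNS validation record and reports names that no zone covers, which is the situation described in this issue. `planValidation`, `zoneCovers`, `normalize` and the zone lists are hypothetical names and constructed values; matching on label boundaries is an assumption of this example, not a description of how CDK resolves zones.

```typescript
// Added example: stand-alone check, not aws-cdk code. All domains and zones are constructed.

interface ValidationPlan {
  covered: Record<string, string>; // certificate name -> hosted zone for its validation record
  uncovered: string[];             // names no zone covers: the certificate would stay unvalidated
}

// Normalize for comparison: lower-case, drop a trailing dot and a leading wildcard label.
function normalize(name: string): string {
  return name.toLowerCase().replace(/\.$/, "").replace(/^\*\./, "");
}

// A zone covers a name only on a label boundary:
// "company.com" covers "a.company.com" but not "a.notcompany.com".
function zoneCovers(zone: string, name: string): boolean {
  const z = normalize(zone);
  const n = normalize(name);
  return n === z || n.slice(-(z.length + 1)) === "." + z;
}

// For each certificate name pick the most specific (longest) covering zone.
function planValidation(names: string[], zones: string[]): ValidationPlan {
  const plan: ValidationPlan = { covered: {}, uncovered: [] };
  for (const name of names) {
    let best: string | undefined;
    for (const zone of zones) {
      const longer = best === undefined || normalize(zone).length > normalize(best).length;
      if (zoneCovers(zone, name) && longer) {
        best = zone;
      }
    }
    if (best !== undefined) {
      plan.covered[name] = best;
    } else {
      plan.uncovered.push(name);
    }
  }
  return plan;
}

// Constructed sample: the names used in this thread.
const certNames: string[] = ["a.company.com", "a.company.co.uk", "a.company.ca"];

// A single zone, as with the mandatory hostedZone prop: two names get no validation record.
const singleZone: ValidationPlan = planValidation(certNames, ["company.com"]);

// One zone per parent domain: every name can be validated.
const multiZone: ValidationPlan = planValidation(certNames, ["company.com", "company.co.uk", "company.ca"]);
```

Failing the deployment when `uncovered` is non-empty surfaces the problem before the certificate request is left waiting on validation records that were never created.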