AWS Certificate Manager
User Guide (Version 1.0)

Troubleshoot Certificate Request Problems

Consult the following topics if you have trouble requesting an ACM Certificate.

Certificate Request Timed Out

Requests for ACM Certificates time out if they are not validated within 72 hours. To correct this condition, delete your request and choose Request a certificate to begin again. For more information about how to approve a certificate request, see Validate Domain Ownership.

Certificate Request Failed

A request for an ACM Certificate can fail. If that happens, the following explanations can help you understand why the request failed and suggest steps you can take to fix the problem.

No Available Contacts

ACM could not find an email address to use for validating one or more of the domain names in the certificate request. To correct this problem, you can do one of the following:

  • Ensure that you have a working email address that is registered in WHOIS and that the address is visible when performing a standard WHOIS lookup for the domain names in the certificate request. Typically, you do this through your domain registrar.

  • Ensure your domain is configured to receive email. Your domain's name server must have a mail exchanger record (MX record) so ACM's email servers know where to send the domain validation email.

Accomplishing one of the preceding tasks is enough to correct this problem; you don't need to do both. After you correct the problem, request a new certificate. You cannot resubmit a failed certificate request.

For more information about how to ensure that you receive domain validation emails from ACM, see Configure Email for Your Domain or Not Receiving Validation Email. If you follow these steps and continue to get the No Available Contacts message, then report this to AWS so that we can investigate it.

Domain Not Allowed

ACM does not allow certificate requests for one or more of the domain names in the certificate request. Typically, this is because one or more of the domain names in the certificate request was found in the Google Safe Browsing list of unsafe websites or the PhishTank list of valid phishes. To correct this problem, you can do the following:

After you correct the problem, request a new certificate. You cannot resubmit a failed certificate request.

Additional Verification Required

ACM requires additional information to process this certificate request. To provide this information, use the Support Center to contact AWS Support. If you don't have a support plan, post a new thread in the AWS Certificate Manager discussion forum.

Note

You cannot request a certificate for Amazon-owned domain names such as those ending in amazonaws.com, cloudfront.net, or elasticbeanstalk.com. This failure reason occurs when your certificate request includes these domain names.

Invalid Public Domain

One or more of the domain names in the certificate request is not valid. Typically, this is because a domain name in the request is not a valid top-level domain. Try to request a certificate again, correcting any spelling errors or typos that were in the failed request, and ensuring that all domain names in the request are for valid top-level domains. For example, you cannot request an ACM Certificate for example.invalidpublicdomain because "invalidpublicdomain" is not a valid top-level domain. If you continue to receive this failure reason, use the Support Center to contact AWS Support. If you don't have a support plan, post a new thread in the AWS Certificate Manager discussion forum.

Other

Typically, this failure occurs when there is a typographical error in one or more of the domain names in the certificate request. Try to request a certificate again, correcting any spelling errors or typos that were in the failed request. If you continue to receive this failure reason, use the Support Center to contact AWS Support. If you don't have a support plan, post a new thread in the AWS Certificate Manager discussion forum.
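A triage helper for the statuses and failure reasons covered above, as an added example that is not part of the AWS guide. It assumes the input is the `Certificate` object from `aws acm describe-certificate`, that `CreatedAt` is an ISO 8601 string with a UTC offset, and that the 72-hour window starts at `CreatedAt`; the function names and sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

VALIDATION_WINDOW = timedelta(hours=72)  # timeout stated on this page
AMAZON_OWNED = ("amazonaws.com", "cloudfront.net", "elasticbeanstalk.com")

# Next steps condensed from this page, keyed by ACM FailureReason values.
NEXT_STEP = {
    "NO_AVAILABLE_CONTACTS": "expose a WHOIS contact or add an MX record, then request a new certificate",
    "DOMAIN_NOT_ALLOWED": "a name is on the Safe Browsing or PhishTank list",
    "ADDITIONAL_VERIFICATION_REQUIRED": "contact AWS Support through the Support Center",
    "INVALID_PUBLIC_DOMAIN": "fix typos and invalid top-level domains, then request again",
    "OTHER": "fix typos in the domain names, then request again",
}

def amazon_owned(names):
    """Return the names that equal or fall under an Amazon-owned suffix."""
    def under(host):
        return any(host == s or host.endswith("." + s) for s in AMAZON_OWNED)
    return [n for n in names if under(n.lower().rstrip("."))]

def hours_left(cert, now):
    """Hours until a pending request times out (assumes the clock starts at CreatedAt)."""
    deadline = datetime.fromisoformat(cert["CreatedAt"]) + VALIDATION_WINDOW
    return max((deadline - now).total_seconds() / 3600, 0.0)

def triage(cert, now):
    """Map one describe-certificate 'Certificate' object to (state, next step)."""
    names = [cert["DomainName"], *cert.get("SubjectAlternativeNames", [])]
    status = cert["Status"]
    if status == "PENDING_VALIDATION":
        return "pending", f"validate within {hours_left(cert, now):.0f}h"
    if status == "VALIDATION_TIMED_OUT":
        return "timed_out", "delete the request and request a new certificate"
    if status != "FAILED":
        return "no_action", status
    reason = cert.get("FailureReason", "OTHER")
    step = NEXT_STEP.get(reason, "reason not covered on this page")
    blocked = amazon_owned(names)
    if reason == "ADDITIONAL_VERIFICATION_REQUIRED" and blocked:
        step = "request includes Amazon-owned names: " + ", ".join(blocked)
    return "failed:" + reason, step

# Constructed sample input, shaped like `aws acm describe-certificate` output.
SAMPLE = {"DomainName": "example.com", "Status": "FAILED",
          "SubjectAlternativeNames": ["example.com", "d111.cloudfront.net"],
          "FailureReason": "ADDITIONAL_VERIFICATION_REQUIRED"}

if __name__ == "__main__":
    print(triage(SAMPLE, datetime.now(timezone.utc)))
```

The suffix check matches whole DNS labels, so a name such as `notamazonaws.com` is not flagged.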