Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

aws-certificatemanager DnsValidatedCertificateHandler does not properly handle certs with SubjectAlternativeNames

See original GitHub issue

A DnsValidatedCertificate will never successfully validate when SubjectAlternativeNames are present. This seems to be due to the custom resource only adding the first DomainValidationOptions record to Route53. See line 110 here. This should add a new ResourceRecordSet for every DomainValidationOptions result.

Reproduction Steps

Create a DnsValidatedCertificate and add at least one record to subjectAlternativeNames.

Environment

CLI Version : 1.14.0
Framework Version: 1.14.0
OS : MacOS 10.14
Language : Typescript

This is 🐛 Bug Report

Issue Analytics

State:
Created 4 years ago
Reactions:13
Comments:7 (2 by maintainers)

Top GitHub Comments

2reactions

jamiepmullancommented, Jan 13, 2020

Any updates on this @SomayaB or @rix0rrr ?

1reaction

touzokucommented, Feb 29, 2020

Repro:

const hostedZone = route53.HostedZone.fromLookup(this, 'WebsiteHostedZone', {domainName: 'example.com'})
new acm.DnsValidatedCertificate(
      this,
      'WebsiteCertificate',
      {
        domainName: 'example.com',
        subjectAlternativeNames: ['www.example.com'],
        hostedZone
      }
    )

It will only validate example.com, while www.example.com will be left hanging in ACM until the validator cloudformation custom resource times out.

Submitted a PR fixing this issue: #6516