Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

DnsValidatedCertificate reports DNS zone example.com to be non-authoritative

See original GitHub issue

When requesting a DnsValidatedCertificate using an imported HostedZone (imported with HostedZoneProvider.findAndImport) not previously saved in cdk.context.json, validation fails with error DNS zone example.com is not authoritative for certificate domain name cdn.mydomain.com

Same error is present when requesting the certificate for the root domain name:

new DnsValidatedCertificate(stack, 'MyCertificate', {
    domainName: 'mydomain.com',
    hostedZone,
});

results in: DNS zone mydomain.com is not authoritative for certificate domain name mydomain.com

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:9 (1 by maintainers)

github_iconTop GitHub Comments

1reaction
rpanfilicommented, Jun 18, 2019

I found, as a workaround, that if the hosted zone reference is still unresolved and contains the dummy values (example.com) you can simply return and wait for the next AppStack synth iteration when cdk will use the HostedZoneContextProviderPlugin to get real values from your account.

Take a look here: https://github.com/awslabs/aws-cdk/blob/23a143ea34a1654af24bf8c58f73da26136d039e/packages/aws-cdk/lib/api/cxapp/stacks.ts#L205-L207

So a working (boilerplate) solution is:

  const domainName = "foobar.com";

  const zone = new HostedZoneProvider(this, {
    domainName
  }).findAndImport(this, "HostedZone");
  if (zone.zoneName == 'example.com') {
    return;
  }
  const certificate = new DnsValidatedCertificate(this, 'ApiSSLCertificate', {
    domainName,
    hostedZone: zone
  });

Warning: Obviously the given domainName hosted zone should exists in your account otherwise you will get an error like this

Found zones: [] for dns:foobar.com, privateZone:undefined, vpcId:undefined, but wanted exactly 1 zone
1reaction
stefanorgcommented, May 22, 2019

I’ve the same problem, anyone found a solution?

Read more comments on GitHub >

github_iconTop Results From Across the Web

awslabs/aws-cdk - Gitter
I seem to have hit another snag trying to get a DnsValidatedCertificate going ... DNS zone example.com is not authoritative for certificate domain...
Read more >
class DnsValidatedCertificate (construct) · AWS CDK
A certificate managed by AWS Certificate Manager. Will be automatically validated using DNS validation against the specified Route 53 hosted zone.
Read more >
https://raw.githubusercontent.com/rafalcieslak/ema...
If you have already registered your domain, you can enter its name in this parameter to manage the DNS records for that domain....
Read more >
CDK DnsValidatedCertificate: Can create a certificate in a ...
On DnsValidatedCertificate , the input property validation can take ... could be a CNAME or A record within the hosted zone example.com ....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Expose props as read/write properties in CFN resources and remove propertyOverrides

Next page

PolicyPrincipal assumeRoleAction should support multiple actions