Questions[amazon-acm](server)

I feel like I'm taking crazy pills, because I've completed this process before and my configuration seems to match AWS' docs. But, every time I request a new certificate, I get this error message (usually less than a minute after making the request):

The status of this certificate request is "Failed". One or more domain names have failed validation due to a Certificate Authority Authentication (CAA) error. Learn more.

I've requested a public certificate with two domain names: "mydomain.us" and "*.mydomain.us". I chose email validation and did not apply any tags. I copied the CNAME record (_1234567890etc.mydomain.us.) into NameCheap and added a CAA record as well.

CAA Record @ 0 issue "amazon.com" Automatic

NameCheap (domain registrar):

Immediately after request:

After validation fails:

Any idea what I'm doing wrong? Thanks in advance.

Edit: More screenshots

I have created a certificate using ACM. Now, I want to create a TLS secret using kubernetes, so that I can use the secret to configure Ingress Resource.

I am trying to create a TLS secret using kubectl create secret tls fsi-secret --cert=fsi.chain.pem --key=fsi.key.pem However, it returns an error saying error: failed to load key pair tls: failed to parse private key

The private key was created using a password, so after reading through a bit, I decided to use the unencrypted private key, so I did the following:

openssl rsa -in fsi.key.pem -out fsi.key.decrypted.pem -passin pass: abcdefgxxxx

The above step generated an unencrypted version of the original private key. Next I tried the create secret command above just changing the --key to use the unencrypted key:

kubectl create secret tls fsi-secret --cert=fsi.chain.pem --key=fsi.key.decrypted.pem

however, this resulted in error: failed to load key pair tls: private key does not match public key.

I am creating this tls secret in order to use it in the ingress resource definition.

Any help would be appreciated.

Our Multi tenant SaaS application is hosted on elastic beanstalk(EBS). EBS load balancer uses a certificate issued by ACM(Amazon certificate manager) for SSL.

We've customers who want to use their own custom domains for using our app. Is there a completely automatic way to do this(except customer setting a CNAME mapping in their DNS to our server)?

I'm trying to add a certificate to a domain name through Amazon ACM and it's not working. I mean, I was able to add the certificate and I opted to use DNS validation but it's still showing up as "Pending validation" and that was a few hours ago.

I added the DNS entries after I requested the certs so is there a way I can just tell AWS to recheck for the DNS entries?

I want to import the Apple push notification certificate into AWS ACM. So first, I had to convert it to pem. Using openssl pkcs12, I was able to get the Certificate and the Private Key. But when importing it into ACM, I get this error : "Provided certificate is not a valid self signed. Please provide either a valid self-signed certificate or certificate chain".

When I try to get the certificate authority, its empty. The p12 certificate was created from a cer file generated in developer.apple.com and using a csr file.

I tried downloading and using the apple certificate authority without success as I have this issuer : issuer=C = US, O = Apple Inc., OU = Apple Worldwide Developer Relations, CN = Apple Worldwide Developer Relations Certification Authority.