Posted On: Nov 22, 2017

You can now use AWS Certificate Manager (ACM) DNS validation to establish that you own or control a domain name when requesting certificates with ACM. Certificates are used to secure network communications and establish the identity of websites over the Internet. Before issuing a certificate for your site, Amazon must validate that you own or control the domain name for your site. Previously, ACM supported only email validation, which required the domain owner to receive an email for each certificate request and validate the information in the request before approving it. With DNS validation, you simply write a CNAME record to your DNS configuration to establish ownership or control of your domain name. The ACM management console can configure the DNS records for you if you manage your DNS records with Amazon Route 53. This makes it easy to validate your domain with a few mouse clicks. Once the CNAME record is configured, ACM can automatically renew DNS-validated certificates that are in use (associated with other AWS resources) before they expire, as long as the DNS record remains in place. Renewals are fully automatic and touchless.

DNS validation and Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates provisioned through AWS Certificate Manager are free. 

AWS Certificate Manager DNS Validation is available in all commercial AWS Regions worldwide, except China (Beijing) and AWS GovCloud (US).

To learn how to get started using DNS validation for AWS Certificate Manager, consult the AWS Certificate Manager FAQs.