How do I troubleshoot domain transfer failures in Route 53?

Last updated: 2021-05-20

How do I troubleshoot domain transfer failures in Amazon Route 53?

Short description

You might experience domain transfer failures in Route 53 when:

  • Transferring a domain from another registrar to Route 53 (transfer in)
  • Transferring a domain from Route 53 to another registrar (transfer out)
  • Transferring a domain from an AWS account to another AWS account (cross-account transfer)

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

Troubleshoot failure to transfer a domain from another registrar to Route 53 (transfer in)

Before transferring a domain to Route 53, be sure to confirm that:

Resolve invalid authcode errors

You received the following error message: "The authorization code that you got from the current registrar is not valid". For next steps, see The authorization code that you got from the current registrar is not valid.

Resolve clientTransferProhibited status or domain lock errors

If transfer lock isn't disabled with your current registrar, then the transfer-in process fails. You can confirm that this is the cause of your domain transfer failure by running a whois command. For example:

$ whois example.com | grep "Status"
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

If you see the "serverTransferProhibited" status in your whois output, contact your current registrar for more information.

To disable transfer lock, use your current registrar's console or contact the registrar.

Determine why a transfer is stuck on step 5

In step 5 of the domain transfer process, Route 53 sends a Form Of Authorization (FOA) to the registrant contact email. You must follow the confirmation link in that email. If you didn't receive an FOA email, see To resend the authorization email for a domain transfer.

Note: If you change the registrant email address during the transfer process, then Route 53 might send an authorization email to both the new and previous addresses. You must follow the confirmation link in both emails to proceed.

Determine why you didn't receive a domain transfer authorization email

As part of domain transfer-in process, Route 53 sends an authorization email to the domain registrant's email address. You must follow the link in that email to verify your email address. Failing to do so might cause your domain to stop working after a period of time. If you didn't receive the authorization email, check your email's Spam or Junk folder. If you still can't find the email, see To resend the authorization email for a domain transfer.

Determine why a transfer is stuck on step 7

If your domain transfer-in request is stuck on step 7, you see the "Waiting for the current registrar to complete the transfer" status message. For more information on how to check your status, see Viewing the status of a domain transfer.

This status indicates that the transfer is waiting on your current registrar's approval. After approval is received, the transfer process can proceed. Depending on your registrar and the requirements of the top-level domain (TLD), this step can take up to:

  • Seven days for generic TLDs
  • Ten days for country code TLDs (ccTLDs)

Note: This step in Route 53 can't be expedited. However, you might be able to expedite the domain transfer by contacting your current registrar.

Troubleshoot failure to transfer a domain from Route 53 to another registrar (transfer out)

Resolve "clientTransferProhibited" status errors

The domain registries for all generic TLDs and several geographic TLDs provide the option to lock your domain. Locking a domain prevents someone from transferring the domain to another registrar without your permission. If you enable transfer lock for a domain, then the status is updated to "clientTransferProhibited". To remove the status, disable the transfer lock:

1.     Open the Route 53 console.

2.     In the navigation pane, choose Registered Domains.

3.     Select the name of the domain that you plan to update.

4.     Under Transfer lock, choose Disable.

Or, you can run the following command in the AWS CLI:

aws route53domains disable-domain-transfer-lock \
    --region us-east-1 \
    --domain-name example.com

Note: Be sure to replace the domain name placeholders with your corresponding values.

Unlock "Transfer Lock" or remove "clientTransferProhibited" status

You tried to unlock a domain from the AWS Management Console or the DisableDomainTransferLock API. However, you received the following error message: "TLDRulesViolation: [TLD] does not support domain lock/unlock operation". To resolve this, determine if the TLD supports transfer locking. If the TLD doesn't support Track Lock but you see a lock icon on your domain, create a support case. For case type, be sure to choose Account and billing support.

Transfer domains in closed AWS accounts

When you close an AWS account, all associated AWS resources are deleted, including hosted zones. However, all domain names are maintained until their expiration date. After deleting your account, you can't modify the configuration of the remaining domain names. In this scenario, you can't update name servers or complete the transfer out process.

Create a support case to transfer your domain from the closed account to another AWS account or another registrar. When creating your case, be sure to:

  • Create the support case from the closed account. You can log in to your closed account using the credentials of the AWS account root user.
  • Choose Account and billing support for the case type.
  • Include the domain names that you'd like to transfer out.
  • Include the destination AWS account number (if transferring to another active AWS account).

Troubleshoot failure to transfer a domain from an AWS account to another AWS account (cross-account transfer)

As of April 2021, you can't transfer a domain from an AWS account to another AWS account using the AWS Management Console. If you try to use the console or the TransferDomain API to do this, you might see the following error: "Something went wrong. Sit tight, AWS ninjas are attacking the problem."

To transfer a domain to another AWS account, you can:


Did this article help?


Do you need billing or technical support?