Why is my third-party SSL provider unable to verify my Route 53 domain ownership?

Last updated: 2019-06-20

I'm hosting my domain on Amazon Route 53. However, I haven't received an SSL certificate from my third-party SSL provider. Why can't a third-party SSL provider verify my domain ownership?

Short Description

Third-party SSL providers require domain owners to create a DNS record to verify domain ownership.

Note: If your SSL is provided by AWS Certificate Manager, then use DNS to validate your domain ownership. If you don't have permission to modify DNS records, you can use email to validate your domain ownership.


  1. Open the Route 53 console.
  2. Choose Hosted zones.
  3. Select your domain name and choose Go to Record Sets.
  4. Choose Create Record Set.
  5. Leave the Name field blank.
    Important: If the record set name is not blank, the third-party provider might be unable to verify your domain.
  6. For Type, choose the record type required for validation by your SSL provider. Most often, the type is TXT or CNAME.
  7. Enter the value you received from your SSL provider in the Value field.
  8. Choose Create.

On the Hosted Zones pane, your domain name appears. Third-party SSL providers can now verify your domain ownership and issue your SSL certificate.

Note: It can take up to 72 hours to receive an SSL certificate from your third-party provider.

Did this article help you?

Anything we could improve?

Need more help?