Question:
I am creating an ACM public certificate in an AWS organization account using a Lambda function from the master account.
The code to create the ACM cert and attach it to a listener is:
```python
import boto3

# Clients and ARNs are assumed to be set up earlier in the Lambda handler;
# credentials for the target (organization) account are assumed to be configured.
client_acm = boto3.client('acm')
client_elbv = boto3.client('elbv2')

# Request a public certificate with DNS validation
resp_acm = client_acm.request_certificate(
    DomainName='test.example.com',
    ValidationMethod='DNS',
)
acm_arn = resp_acm['CertificateArn']
print(acm_arn)

# Create an HTTPS listener using the certificate
# (alb_arn and Target_group_arn are assumed to be defined earlier)
resp_listener = client_elbv.create_listener(
    Certificates=[
        {
            'CertificateArn': acm_arn,
        },
    ],
    DefaultActions=[
        {
            'Type': 'forward',
            'TargetGroupArn': Target_group_arn,
        },
    ],
    LoadBalancerArn=alb_arn,
    Port=443,
    Protocol='HTTPS',
    SslPolicy='ELBSecurityPolicy-2016-08',
)
```
But I am getting this error:
```json
"errorMessage": "An error occurred (UnsupportedCertificate) when calling the CreateListener operation: The certificate 'arn:aws:acm:eu-west-2:xxxxxxxxx:certificate/675071212-cdd1-4gg5-9d49-6a89a47eee88' must have a fully-qualified domain name, a supported signature, and a supported key size.",
```
Anyone, please help. The main domain is in the master account and I am creating a certificate for a subdomain cross-account in the AWS organization.
Answer:
I have fixed this issue: after getting the ACM cert, you have to validate it after some wait time. You can use the following code snippet:
```python
import time

# resp_acm, client_acm, client_route53 and HostedZoneID are assumed to be
# defined earlier, as in the question (boto3 'acm' and 'route53' clients)
acm_arn = resp_acm['CertificateArn']
print(acm_arn)
time.sleep(10)

# describe acm certificate
acm_describe = client_acm.describe_certificate(
    CertificateArn=acm_arn
)
name = acm_describe['Certificate']['DomainValidationOptions'][0]['ResourceRecord']['Name']
value = acm_describe['Certificate']['DomainValidationOptions'][0]['ResourceRecord']['Value']

# validating acm certificate using DNS
acm_validation = client_route53.change_resource_record_sets(
    HostedZoneId=HostedZoneID,
    ChangeBatch={
        'Comment': 'DNS Validation',
        'Changes': [
            {
                'Action': 'CREATE',
                'ResourceRecordSet': {
                    'Name': name,
                    'Type': 'CNAME',
                    'TTL': 1800,
                    'ResourceRecords': [
                        {
                            'Value': value
                        },
                    ],
                }
            },
        ]
    }
)

# waiting for acm to get validated using dns
waiter = client_acm.get_waiter('certificate_validated')
waiter.wait(
    CertificateArn=acm_arn,
    WaiterConfig={
        'Delay': 15,
        'MaxAttempts': 80
    }
)
time.sleep(10)
```
Hopefully this will solve your problem also.
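A more defensive version of the answer's flow, added here as an example (not code from the question or the answer): it polls until ACM has actually published the validation records instead of sleeping a fixed 10 seconds, builds one UPSERT batch covering every validation record (so SANs and wildcards are handled and re-runs are idempotent), and creates the listener only after the waiter confirms the certificate is issued. The clients are passed in because, in the cross-account setup described, the Route 53 client must carry credentials for the account that owns the hosted zone (the master account) while the ACM and ELBv2 clients use the member account; `validate_and_attach`, `SAMPLE_DESCRIBE` and the ARN arguments are hypothetical names, and the sample response is constructed.

```python
import time

# Constructed sample of an acm.describe_certificate() response, trimmed to the
# fields used here; ACM returns the same CNAME for a name and its wildcard.
SAMPLE_DESCRIBE = {"Certificate": {"Status": "PENDING_VALIDATION", "DomainValidationOptions": [
    {"DomainName": "test.example.com", "ResourceRecord": {
        "Name": "_abc.test.example.com.", "Type": "CNAME", "Value": "_xyz.acm-validations.aws."}},
    {"DomainName": "*.test.example.com", "ResourceRecord": {
        "Name": "_abc.test.example.com.", "Type": "CNAME", "Value": "_xyz.acm-validations.aws."}},
]}}


def validation_change_batch(describe_resp):
    """Route 53 ChangeBatch covering every validation record ACM asks for.
    UPSERT keeps re-runs idempotent; duplicates are collapsed because Route 53
    rejects two changes for the same record set in one batch."""
    records = {}
    for opt in describe_resp["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")  # absent for a few seconds after request_certificate
        if rr is None:
            raise ValueError("validation record not ready for " + opt["DomainName"])
        records[(rr["Name"], rr["Type"])] = rr["Value"]
    return {"Comment": "ACM DNS validation", "Changes": [
        {"Action": "UPSERT", "ResourceRecordSet": {"Name": n, "Type": t, "TTL": 300,
                                                   "ResourceRecords": [{"Value": v}]}}
        for (n, t), v in records.items()]}


def validate_and_attach(acm, route53, elbv2, cert_arn, hosted_zone_id, alb_arn, tg_arn):
    """Hypothetical orchestrator: acm/elbv2 are boto3 clients for the member account,
    route53 a client for the account that owns the hosted zone (the master account)."""
    for _ in range(12):  # poll instead of a fixed sleep; records usually appear within a minute
        try:
            batch = validation_change_batch(acm.describe_certificate(CertificateArn=cert_arn))
            break
        except ValueError:
            time.sleep(5)
    else:
        raise RuntimeError("ACM never produced validation records")
    route53.change_resource_record_sets(HostedZoneId=hosted_zone_id, ChangeBatch=batch)
    # The waiter returns only once the certificate is ISSUED; it raises WaiterError
    # on a FAILED status or after MaxAttempts, so the listener is never created early.
    acm.get_waiter("certificate_validated").wait(
        CertificateArn=cert_arn, WaiterConfig={"Delay": 15, "MaxAttempts": 80})
    return elbv2.create_listener(
        LoadBalancerArn=alb_arn, Port=443, Protocol="HTTPS",
        SslPolicy="ELBSecurityPolicy-TLS13-1-2-2021-06",  # TLS 1.2+ only, unlike 2016-08
        Certificates=[{"CertificateArn": cert_arn}],
        DefaultActions=[{"Type": "forward", "TargetGroupArn": tg_arn}])
```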