certificatemanager : DnsValidatedCertificate doesn't wait long enough #5831
Comments
SomayaB
added
the
@aws-cdk/aws-certificatemanager
|
I'm also currently experiencing the same issue. I've used this approach before and it's worked successfully but it isn't at the moment. It seems DNS must just be taking longer to update & propagate. |
|
There is an issue, where the lambda hit's a max timeout at 15 minutes, which is I think why the limits are currently set where they are. I'm playing around with an idea where we could get around that limit. Will open a PR if it works :) |
skinny85
added
guidance
SomayaB
removed
the
response-requested
|
@starsolutions any luck? |
skinny85
added
feature-request
|
I guess we could migrate DnsValidatedCertificate to our new custom resource framework. |
…g enough fixes aws#5831 changed parameter references
…g enough fixes aws#5831 changed parameter references
…g enough fixes aws#5831 changed parameter references
…g enough added lambda permissions fixes aws#5831
…g enough fixed test for IAM policy fixes aws#5831
…g enough fixing test for IAM policy fixes aws#5831
…g enough updated ref params fixes aws#5831
…g enough fixing related tests fixes aws#5831
…icate Automatically adding Amazon Route 53 CNAME records for DNS validation is now natively supported by CloudFormation. Add a `validation` prop to `Certificate` to handle both email and DNS validation. Deprecate `DnsValidatedCertificate`. The default remains email validation (non-breaking). Closes aws#5831 Closes aws#5835 Closes aws#6081 Closes aws#6516 Closes aws#7150 Closes aws#7941 Closes aws#7995 Closes aws#7996
…cate Automatically adding Amazon Route 53 CNAME records for DNS validation is now natively supported by CloudFormation. Add a `validation` prop to `Certificate` to handle both email and DNS validation. Deprecate `DnsValidatedCertificate`. The default remains email validation (non-breaking). Closes aws#5831 Closes aws#5835 Closes aws#6081 Closes aws#6516 Closes aws#7150 Closes aws#7941 Closes aws#7995 Closes aws#7996
What did you mean by the 'new custom resource framework'? Do you have any workaround in mind? |
…cate (#8552) Automatically adding Amazon Route 53 CNAME records for DNS validation is now natively supported by CloudFormation. Add a `validation` prop to `Certificate` to handle both email and DNS validation. `DnsValidatedCertificate` is now only useful for cross-region certificate creation. The default remains email validation (non-breaking). Closes #5831 Closes #5835 Closes #6081 Closes #6516 Closes #7150 Closes #7941 Closes #7995 Closes #7996 Closes #8282 Closes #8659 Closes #8783 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
I think #8552 shouldn't close this. The Lambda timeout is not something we can work around, but we should at least increase this function's timeout to the maximum Lambda allows. |
|
@nlang since I change the timeout each time before creating a new certificate, I haven't encountered it lately, but I also see no reason it wouldn't be needed anymore either. Thank you. |
|
We are currently experiencing this problem, should we create a new issue ticket or can we hi-jack this? |
|
Same problem here |
Hi.
I'm running into this issue still.
Twice in a row, I've had a certificate take just above 10mn to validate, where the function is set to timeout after 9:30 (ironic).
When creating a DNS validated certificate via the console, there is a warning saying it can take 30mn, or more. I'm sure this would be an extreme case, but apparently, 10mn is not long enough.
Could we increase maxAttempts a tad more ?
(personally, I'd double go with 60 to match the console warning).
Cheers.
The text was updated successfully, but these errors were encountered: