Handle SSL failures for AWS
Last updated
Was this helpful?
Last updated
Was this helpful?
As described on the configuration section, stackmate will add an SSL certificate for your environment, that will handle the domain names you specified in your project.
Stackmate will instruct AWS to try and validate the certificate using email by default, where you will get prompted to approve the validation request or not. What you need to know beforehand is the following:
AWS will email the administrator, hostmaster, postmaster, webmaster and admin inboxes at your domain so it's necessary to have at least one of these inboxes available, or a catch-all inbox at hand.
The approval should be done within 5 minutes after you get the email, otherwise the deployment will fail
There have to be a few CAA DNS records in your domain name so that AWS can issue the certificate for you as described in . Our experience shows that just setting a CAA record for amazon.com will work, but we can't guarantee that.
Alternatively, you can also use DNS validation for your SSL certificates but the domain needs to be active and the name servers for it need to already be pointing to AWS. What you need to do is the following:
Create a Hosted Zone for your domain name (eg. stackmate.io) on Route53 as described in .
Get the NS records and set them as your nameservers on your domain registrar.
Stackmate will then attempt to validate whether the DNS records are active and use that as the validation method so that no manual action will be required