What should the security engineer do to correct this issue?
Manually validate ownership of each domain in the ACM console.
Verify that the DNS CNAME for each domain matches the ACM certificate CNAME record.
Export and then reimport the certificates into ACM.
Validate the ownership of each domain by using email validation.
Explanations:
Manually validating ownership is not required since DNS validation was already configured. The issue likely lies with DNS records not being correctly updated or verified.
The “pending validation” status indicates that the DNS validation CNAME record may not be properly set or is not matching the expected value. Verifying the DNS CNAME ensures that the correct validation record is present for ACM to validate ownership.
Exporting and reimporting the certificates does not resolve DNS validation issues. The problem is with the validation process, not with the certificates themselves.
The security engineer has already configured DNS validation. Switching to email validation would not address the current issue and would require reconfiguration of the validation method.
I value that the answer is:
Verify that the DNS CNAME for each domain matches the ACM certificate CNAME record.
From what I’ve seen, the answer is:
Verify that the DNS CNAME for each domain matches the ACM certificate CNAME record.