Which combination of steps will meet these requirements?
(Choose two.)
Use the AWS Certificate Manager (ACM) console to request a public certificate for the apex top domain example.com and a wildcard certificate for *.example.com.
Use the AWS Certificate Manager (ACM) console to request a private certificate for the apex top domain example.com and a wildcard certificate for *.example.com.
Use the AWS Certificate Manager (ACM) console to request a public and private certificate for the apex top domain example.com.
Validate domain ownership by email address. Switch to DNS validation by adding the required DNS records to the DNS provider.
Validate domain ownership for the domain by adding the required DNS records to the DNS provider.
Explanations:
A public certificate for the apex domain (example.com) ensures that the main domain is secured, while a wildcard certificate for *.example.com covers all subdomains (country1.example.com, country2.example.com, etc.), thus encrypting all traffic for the specified subdomains.
A private certificate is not suitable for public-facing websites. Public certificates are required for encrypting internet traffic. While the wildcard certificate for *.example.com is valid, the private certificate is not necessary or appropriate in this context.
Similar to option B, a private certificate is not suitable for public domains. Only public certificates should be requested for the apex domain and subdomains to ensure encryption of data in transit.
While validating domain ownership by email is a valid method, the question specifically highlights the need for DNS validation, making this option less relevant in the context of securing subdomains effectively.
Validating domain ownership by adding DNS records is a standard practice for obtaining SSL/TLS certificates through AWS Certificate Manager. This method is reliable and aligns with AWS best practices for certificate validation.