How to get AWS SES and Certificate Manager to verify your domain name in Route 53

Written by Hassan Salem on

Suppose you are working with AWS Route 53 domains and you are trying to create a certificate or verify a domain name for AWS SES. If the verification process is taking ages or never completes, no matter how many times you delete the request and recreate it, then you will find this article helpful, and it will solve lots of your problems.

The story

The story is, like any other aspiring developer, I have bought many domain names for many projects that I started but never ended. Last month I decided to continue working on one of the projects. So I reached the phase where I deployed it to AWS 🤯. So now I need the domain name to point to my deployed service. I used route53 and its amazing tools to do so. I created the records and everything. Then I requested a certificate for the domain name so that I can use SSL. Nothing worked 🤷‍️.

The certificate was not issued, even after one day. The domain couldn’t point to my load balancer! And SES domain verification was pending as well! Usually, these processes do not take this amount of time to be finished, so apparently, something is wrong.

Then I asked myself and StackOverflow why AWS certificate issuing and SES verification were taking such a long time. But the proposed solutions didn’t help me. So I decided to start over. I deleted the hosted zone, deleted all the requests, and recreated everything. It didn’t work.

At this point, I decided to search the AWS documentation and definitions for Route 53. One sentence caught my eye:

"Name servers: Route 53 assigns name servers when you create a hosted zone. The assigned name servers can’t be changed. To make Route 53 the DNS service for a domain (to use the records in a public hosted zone to route traffic on the internet for a domain), you update the domain registration to use these name servers."

But because I didn’t create those zones manually and never changed the NS records in my domain, I was not suspecting them. I thought it might be an AWS hiccup or anything. But when I compared the NS records with the so-called “Assigned name servers” that cannot be changed, I noticed they are not identical.

So what I did was just change them to be identical, then I tried to verify the domain name for SES, and I requested a certificate. Guess what, it worked! It took about 3 minutes for the certificate to be issued and about 1 hour for the SES to be verified.
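The comparison described above can be automated. The following is an added example, not code from the original article: it checks the hosted zone's assigned name servers against both the domain registration and, going slightly beyond the text, the zone's own apex NS record set. The JSON samples are constructed in the shape the AWS CLI returns, and all name server values and the zone ID are made up.

```python
import json

# Constructed samples in the shape the AWS CLI returns (all values are made up):
#   aws route53 get-hosted-zone --id <zone-id>
HOSTED_ZONE = json.loads("""{
  "HostedZone": {"Id": "/hostedzone/ZEXAMPLE", "Name": "example.com."},
  "DelegationSet": {"NameServers": [
    "ns-11.awsdns-01.com", "ns-512.awsdns-00.net",
    "ns-1024.awsdns-00.org", "ns-1536.awsdns-00.co.uk"]}}""")
#   aws route53 list-resource-record-sets --hosted-zone-id <zone-id>
RECORD_SETS = json.loads("""{"ResourceRecordSets": [
  {"Name": "example.com.", "Type": "NS", "TTL": 172800, "ResourceRecords": [
    {"Value": "ns-11.awsdns-01.com."}, {"Value": "ns-512.awsdns-00.net."},
    {"Value": "ns-1024.awsdns-00.org."}, {"Value": "ns-1536.awsdns-00.co.uk."}]},
  {"Name": "www.example.com.", "Type": "A", "TTL": 300,
   "ResourceRecords": [{"Value": "192.0.2.10"}]}]}""")
#   aws route53domains get-domain-detail --domain-name example.com
DOMAIN_DETAIL = json.loads("""{"DomainName": "example.com", "Nameservers": [
  {"Name": "ns-77.awsdns-09.com"}, {"Name": "ns-600.awsdns-11.net"},
  {"Name": "NS-1024.awsdns-00.org."}, {"Name": "ns-1536.awsdns-00.co.uk"}]}""")

def norm(names):
    """Compare host names case-insensitively and without the trailing dot."""
    return {n.strip().rstrip(".").lower() for n in names}

def ns_sources(zone, record_sets, domain_detail):
    """Collect the name server set from each of the three places it is stored."""
    apex = zone["HostedZone"]["Name"].rstrip(".").lower()
    zone_ns = [rr["Value"] for rs in record_sets["ResourceRecordSets"]
               if rs["Type"] == "NS" and rs["Name"].rstrip(".").lower() == apex
               for rr in rs["ResourceRecords"]]
    return {"assigned": norm(zone["DelegationSet"]["NameServers"]),
            "zone NS record": norm(zone_ns),
            "registrar": norm(ns["Name"] for ns in domain_detail["Nameservers"])}

def drift(zone, record_sets, domain_detail):
    """Return {source: (missing, unexpected)} for every source that differs
    from the name servers Route 53 assigned to the hosted zone."""
    src = ns_sources(zone, record_sets, domain_detail)
    assigned = src.pop("assigned")
    return {name: (sorted(assigned - got), sorted(got - assigned))
            for name, got in src.items() if got != assigned}

if __name__ == "__main__":
    for source, (missing, unexpected) in drift(HOSTED_ZONE, RECORD_SETS, DOMAIN_DETAIL).items():
        print(f"{source}: add {missing}, remove {unexpected}")
```

An empty result means all three sets agree; any entry names the place where the delegation has drifted, which is the condition that leaves DNS-based validation pending.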

So the solution

Final words

I hope that helped you. If you had the same problem and solved it differently, please leave me a comment below.

If you have any questions, suggestions, or you are seeking help, don't hesitate to get in touch with me on Twitter at @salem_hsn