Hi,
I am trying to generate a SSL certificate for my www domain. I have added the corresponding Cloud DNS CNAME www as well.
When generating SSL Certificate via CertificateManager-Create SSL Certificate, the domain status is changed to FAILED_NOT_VISIBLE after 35 minutes.
Any help is highly appreciated
Thanks and Regards
Srinivasan
Solved! Go to Solution.
Hi,
Just for the benefit of others.
I removed the CNAME DNS entry for www and instead added the A Recordset that points to the load balancer IP address. The SSL Certificate got generated.
So in short use A DNS Type instead of CNAME.
Thanks @jedihomer and @naveedseo for your time
Regards
Srinivasan
Have you pointed the CNAME to the load balancer you have attached the cert to?
My understanding is that Google Managed Certs are only approved when the Domain it is creating for is pointed and attached to their load balancers.
See here
Hi,
Yes , I did pointed the cloud DNS to the load balance IP , it failed. I then followed the instructions as per this example . But both have the same results.
Regards
Srinivasan
Then I'm not too sure what's going on as it 'works for me'(tm)
What we do is create a Load Balancer and then create an A record pointing to it.
i.e. lb.mydomain.tld -> IP of Load Balancer
We then
Then after a while (usually less than an hour) the cert goes active and all is good.
Yes, I did followed the same step. Looks like if I am missing something minor that I am not able to catch it.
Thanks again
Regards
Srinivasan
To confirm the DNS, if you dig our www domain
dig www.mydomain.tld
Does the answer section end up with an IP address that matches the public IP address of your load balancer.
And if you click on the load balancer name within GCP in the Frontend section it has the same IP address and lists your managed cert as attached?
Yes it has the load balancer IP address and cname is mydomain.com. (with period at the last).
Hi Naveen,
Thanks for the detailed reply.
1. **Verify DNS Settings**: - Yes checked. The cname is ended with a period as well.
2. **Propagation Time**: - I have been trying this for almost 3 days, no luck yet. So I believe it has got enough propogation though.
3. **Check Ownership Verification** - our site is already google verified. A Txt Record was added as well while doing the ownership verification.
4. **Review Error Messages** - The domain status is just FAILED_NOT_VISIBLE. No further error message is seen.
Thanks again for your time.
Regards
Srinivasan
Hi,
Just for the benefit of others.
I removed the CNAME DNS entry for www and instead added the A Recordset that points to the load balancer IP address. The SSL Certificate got generated.
So in short use A DNS Type instead of CNAME.
Thanks @jedihomer and @naveedseo for your time
Regards
Srinivasan
User | Count |
---|---|
8 | |
2 | |
1 | |
1 | |
1 |