https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# aws
s
This message was deleted.
v
i think you just have to wait for the validation to complete? how long has it been?
v
an hour
v
hmm, ive seen them take 20 mins before, have you checked in the UI the status of it? how come the validation is recreating? did you change something in it?
v
Yes i have.
Copy code
10             const sslCertificate = new aws.acm.Certificate(`${stack}-ssl-cert`, {
    9                 domainName: env.APP_DOMAIN,
    8                 subjectAlternativeNames: subjectAlternativeNames,
    7                 validationMethod: 'DNS',
    6             })
    5
    4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
    3                 return a.map((option, index) => {
    2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
    1                         zoneId: zone.then(z => z.zoneId),
  28                          name: option.resourceRecordName,
    1                         type: option.resourceRecordType,
    2                         records: [option.resourceRecordValue],
    3                         allowOverwrite: true,
    4                         ttl: 10 * 60,
    5                     }, { dependsOn: sslCertificate }).fqdn
    6                 })
    7             })
    8
    9             const validatedSslCertificate = new aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {
   10                 certificateArn: sslCertificate.arn,
   11                 validationRecordFqdns: sslCertificateValidationDnsRecords,
   12             }, { dependsOn: sslCertificate })
v
its strange that its been stuck for an hour - unsure on how to troubleshoot it other than looking around in the ui to see if it is actually still pending legitimately, what did you change?
v
i just changed the name of tasks
v
tasks?
v
i mean resources
Copy code
aws.acm.Certificate(`${stack}-ssl-cert`, {})
aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {})
oh i see whats going on. sslCertificate.domainValidationOptions.apply(a => { }) is not being called at all
so validation is keep waiting for dns forever
v
i dont see that in the code you pasted -
v
Copy code
4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
    3                 return a.map((option, index) => {
    2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
    1                         zoneId: zone.then(z => z.zoneId),
  28                          name: option.resourceRecordName,
    1                         type: option.resourceRecordType,
    2                         records: [option.resourceRecordValue],
    3                         allowOverwrite: true,
    4                         ttl: 10 * 60,
    5                     }, { dependsOn: sslCertificate }).fqdn
    6                 })
    7             })
this
v
ahhh ok yeah sorry i missed that, glad you spotted
v
thank you
I cant get it called before validation, any idea how to fix it?
v
id try putting that declaration below the 
validatedSslCertificate
and then adding 
validatedSslCertificate
to the 
dependsOn
in 
sslCertificateValidationDnsRecords
if that makes sense?
Copy code
10             const sslCertificate = new aws.acm.Certificate(`${stack}-ssl-cert`, {
    9                 domainName: env.APP_DOMAIN,
    8                 subjectAlternativeNames: subjectAlternativeNames,
    7                 validationMethod: 'DNS',
    6             })
    5
    8
    9             const validatedSslCertificate = new aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {
   10                 certificateArn: sslCertificate.arn,
   11                 validationRecordFqdns: sslCertificateValidationDnsRecords,
   12             }, { dependsOn: sslCertificate })

    4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
    3                 return a.map((option, index) => {
    2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
    1                         zoneId: zone.then(z => z.zoneId),
  28                          name: option.resourceRecordName,
    1                         type: option.resourceRecordType,
    2                         records: [option.resourceRecordValue],
    3                         allowOverwrite: true,
    4                         ttl: 10 * 60,
    5                     }, { dependsOn: [sslCertificate, validatedSslCertificate] }).fqdn
    6                 })
    7             })
v
i think the record has be created before aws.acm.CertificateValidation though
v
ah of course sorry, let me find an example of this
we've done it at my place
v
v
have you tried doing it like in the example?
they arent using an apply there
v
yes. its for single though
i am adding multiple subdomains to ssl certificate's subjectAlternativeNames
v
have you tried logging out 
option
and 
index
to make sure they contain what you're expecting?
v
actually the records are being added to route53 but i am not sure why CertificateValidation is just kept on waiting forever
Yes, i found the record it want to verify and they do exists in route53.

https://puu.sh/JjRqk/98533c6125.png

Open in Slack
PreviousNext
Powered by