Does the setup fail when you configure a custom domain? Learn about possible problems causing the failure and how to troubleshoot them.
You are already using your custom domain in a CloudFront distribution that was previously set up.
Remove the Alternate Domain Names (CNAME) from the other CloudFront distribution or delete the other CloudFront distribution completely. Both options can be accessed from your AWS console.
You are using CloudFlare with the “proxied” setting.
Switch the setting from “proxied” to “DNS only”.
You took too long to add the CNAME records to your DNS configuration.
After 72 hours the process will fail automatically if the CNAME couldn’t be found.
When starting the process again, make sure to complete this step within 72 hours.
You entered the provided values without an underscore (_) in your DNS configuration (e.g because your DNS tool does not allow for underscores).
We require the underscore to validate the CNAME records on our end with the AWS Certificate Manager.
Underscores are allowed values for DNS entires and most DNS configurations will handle these.
If you’re using a tool or domain provider that doesn’t allow for underscores, we recommend reaching out to your provider. Let them know that the entry with the underscore is required to generate a certificate with the AWS Certificate Manager.
Your certificate validation is stuck in
Your custom domain is configured to only allow certain authorities to create certificates.
To solve the problem you will need to specify in your CAA records that the AWS Certificate Manager (ACM) is allowed to issue a certificate for your domain or subdomain.
Please configure the CAA record to specify
You are using GoDaddy and your certificate validation is stuck in
When creating CNAME records make sure to only enter the first part of your custom domain URL, leaving out the root domain name.
Example: You custom domain for Viewport is