ACM Certificate Request Stuck in Pending

If you’re reading this then you’ve probably been stuck with a pending ACM Certificate when using DNS validation. Most likely you have a more complicated setup than just aws meaning you’re also using 3rd party software.

In this article I’ll go over how to get a close-to-instant issuing of the ACM Certificate when using a separate Hosted Zone for a subdomain and Netlify.

This article was inspired by a question asked in Github Issues .


In our setup we have two Hosted Zones, one for apex e.g., exanubes.com and one for a subdomain test.imrec.exanubes.com. Then we also have Netlify that actually hosts the website so instead of using AWS’s nameservers we’re using Netlify’s and that is represented in Route53’s NS record which points to those nameservers instead of the default AWS nameservers.

Obtaining the Certificate

In order for us to be able to use a separate Hosted Zone for the subdomain we had to put another NS record inside the apex HZ pointing to it. We’ve covered this when learning about sharing a domain name across multiple AWS accounts . However, this is not enough if we want to get the certificate when hosting via 3rd party i.e Netlify. Because we’re using Netlify as our DNS resolver, we actually have to add our subdomain’s nameservers to Netlify’s DNS Settings.

As a result we would end up with something like this:

Subdomain HZ nameservers

Subdomain Hosted Zone NS Record

Apex HZ NS Record for Subdomain HZ

Apex Hosted Zone NS Record for Subdomain Hosted Zone

NS Records in Netlify

Apex Hosted Zone NS Record for Subdomain Hosted Zone

Certificate Issued Successfully

Issued ACM Certificate