Terraform aws_acm_certificate_validation.cert_api: Still creating... [4m21s elapsed] until timeout
The ACM certificate validation never completes; it times out after about 45 minutes. Looking at the AWS hosted zone for the domain, it has a CNAME record. It never reaches the part that creates the API Gateway domain.
main.tf
resource "aws_acm_certificate" "cert_api" {
  domain_name       = var.api_domain
  validation_method = "DNS"
  tags = {
    Name = var.api_domain
  }
}

resource "aws_acm_certificate_validation" "cert_api" {
  certificate_arn         = aws_acm_certificate.cert_api.arn
  validation_record_fqdns = aws_route53_record.cert_api_validations.*.fqdn
}

resource "aws_route53_zone" "api" {
  name = var.api_domain
}

resource "aws_route53_record" "cert_api_validations" {
  allow_overwrite = true
  count           = length(aws_acm_certificate.cert_api.domain_validation_options)
  zone_id         = aws_route53_zone.api.zone_id
  name            = element(aws_acm_certificate.cert_api.domain_validation_options.*.resource_record_name, count.index)
  type            = element(aws_acm_certificate.cert_api.domain_validation_options.*.resource_record_type, count.index)
  records         = [element(aws_acm_certificate.cert_api.domain_validation_options.*.resource_record_value, count.index)]
  ttl             = 60
}

resource "aws_route53_record" "api-a" {
  name    = aws_apigatewayv2_domain_name.api.domain_name
  type    = "A"
  zone_id = aws_route53_zone.api.zone_id
  alias {
    name                   = aws_apigatewayv2_domain_name.api.domain_name_configuration[0].target_domain_name
    zone_id                = aws_apigatewayv2_domain_name.api.domain_name_configuration[0].hosted_zone_id
    evaluate_target_health = false
  }
}

resource "aws_apigatewayv2_domain_name" "api" {
  domain_name = var.api_domain
  domain_name_configuration {
    certificate_arn = aws_acm_certificate.cert_api.arn
    endpoint_type   = "REGIONAL"
    security_policy = "TLS_1_2"
  }
}
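If the hosted zone was destroyed and re-provisioned, new name server records are associated with the new hosted zone. However, the domain name may still have the previous name server records associated with it.
If AWS Route 53 is used as the domain registrar, go to Route 53 > Registered domains > ${your-domain-name} > Add or edit name servers and add the newly associated name server records from the hosted zone to the registered domain.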
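A check for the mismatch described in the answer above, as an added example that is not part of the original post: it compares the name servers the registrar holds for the domain with the delegation set of the current hosted zone. The JSON samples are constructed; they follow the output shape of `aws route53domains get-domain-detail` and `aws route53 get-hosted-zone` for a public zone, and the domain, zone id and server names are placeholders.

```python
import json

# Constructed sample of `aws route53domains get-domain-detail --domain-name example.com`
REGISTRAR_JSON = """
{"DomainName": "example.com",
 "Nameservers": [{"Name": "ns-101.awsdns-12.com"}, {"Name": "ns-602.awsdns-11.net"},
                 {"Name": "ns-1201.awsdns-22.org"}, {"Name": "ns-1702.awsdns-20.co.uk"}]}
"""

# Constructed sample of `aws route53 get-hosted-zone --id Z0000000EXAMPLE` taken after
# the zone was destroyed and re-created: Route 53 assigned a different delegation set.
HOSTED_ZONE_JSON = """
{"HostedZone": {"Id": "/hostedzone/Z0000000EXAMPLE", "Name": "example.com."},
 "DelegationSet": {"NameServers": ["ns-333.awsdns-41.com", "ns-777.awsdns-33.net",
                                   "ns-1444.awsdns-52.org", "ns-1999.awsdns-57.co.uk"]}}
"""


def normalize(names):
    """Lower-case and drop the trailing dot so both outputs compare equal."""
    return {n.strip().rstrip(".").lower() for n in names if n and n.strip()}


def compare_delegation(registrar_json, hosted_zone_json):
    """Return which name servers are stale at the registrar and which are missing."""
    registrar = json.loads(registrar_json)
    zone = json.loads(hosted_zone_json)
    delegated = normalize(ns["Name"] for ns in registrar.get("Nameservers", []))
    assigned = normalize(zone["DelegationSet"]["NameServers"])
    return {
        "in_sync": bool(assigned) and delegated == assigned,
        "stale": sorted(delegated - assigned),    # registrar still points here
        "missing": sorted(assigned - delegated),  # zone's servers the registrar lacks
    }


if __name__ == "__main__":
    report = compare_delegation(REGISTRAR_JSON, HOSTED_ZONE_JSON)
    if report["in_sync"]:
        print("Registrar delegation matches the hosted zone.")
    else:
        print("Registrar delegation does not match the hosted zone.")
        print("  stale at registrar:", ", ".join(report["stale"]))
        print("  add to registrar:  ", ", ".join(report["missing"]))
```

When `stale` is non-empty, the validation CNAME exists only in a zone that the domain's delegation never reaches, which is why the `aws_acm_certificate_validation` resource keeps waiting until it times out.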