Could not find an in-date certificate

[kaykhan]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Bug Report

Error Description

serverless domain manager fails to create sub domain even though certificate exists.

Command Run sls create_domain

Console Output

Environment: linux, node 16.13.0, framework 3.21.0 (local) 3.19.0v (global), plugin 6.2.2, SDK 4.3.2
Credentials: Local, "default" profile
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
Error: Unable to create domain 'image-service.staging.geeiq.com':
Could not find an in-date certificate for '*.staging.geeiq.com'.
    at ServerlessCustomDomain.<anonymous> (/home/kay/checkpoint/image-service/node_modules/serverless-domain-manager/dist/src/index.js:193:23)
    at Generator.throw (<anonymous>)
    at rejected (/home/kay/checkpoint/image-service/node_modules/serverless-domain-manager/dist/src/index.js:6:65)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Domain Manager Configuration

      customDomain: {
            domainName: "image-service.staging.geeiq.com",
            basePath: "/",
            certificateName: "*.staging.geeiq.com",
            stage: "${opt:stage}",
            createRoute53Record: true,
        },

Versions

• Domain Manager version(s): ^6.0.3
• Node/npm version: 16.13/8.1.3
• Serverless Version: 3.21
• Lambda Code: typescript

Possible Solution

Additional context/Screenshots Add any other context about the problem here. If applicable, add screenshots to help explain.

[rddimon]

Hi @kaykhan

Thank you for your issue!

It could be related to the https://github.com/amplify-education/serverless-domain-manager/issues/510 Place try our latest version of the plugin (6.1.0) It should be fixed And please let us know the result

[TylerSustare]

Hey, @rddimon This issue is still happening for me and my version is 6.2.1

[TylerSustare]

It's a magical mystery (∩｀-´)⊃━☆ﾟ.*･｡ﾟ

The command sls create_domain is now working to create a domain, without me changing anything except waiting 24 hours.

[Anderson-SG]

I'm having the same problem here, the plugin doesn't seem to be able to detect newly created certificates, I have to wait hours for it to be able to identify.

[vanerac]

Hi @rddimon, any updates on this issue ?

[Zeryther]

My certificates are over 24 hours old and the plugin won't find them.

[directrx-technology]

This is also proving to be an issue for me on an M2 mac.

[matt-ward]

I also have this problem on v7.3.3, on a hunch I decided to try out a random version in 6, so I downgraded to v6.4.4 and the issue went away.

[rddimon]

Hi there

What is the endpointType for your configs?

The plugin has the EDGE type by default. API Gateway uses CloudFront for the EDGE and that mean that the certificate should exist in the us-east-1.

There are 2 options for solving it:

1. Switch endpointType to REGIONAL
2. Create the needed ACM certificate in the us-east-1.

More info

1. https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-edge-optimized-custom-domain-name.html

Note
To use an ACM certificate with an API Gateway edge-optimized custom domain name, you must request or import the certificate in the us-east-1 Region (US East (N. Virginia)).

2. https://docs.aws.amazon.com/acm/latest/userguide/troubleshoot-apigateway.html