Context: I have an AWS Lambda function exposed via API Gateway. I want to secure and expose it through Cloudflare.

Steps to Replicate:

• In API Gateway, create a custom domain.

• During creation, AWS requires a certificate, so I generate one for:

1. mydomain
2. api.mydomain
3. www.mydomain

AWS provides three CNAME records to add in Cloudflare with this structure: Domain, Type, CNAME Name, CNAME Value

• I add these CNAME records in Cloudflare DNS.

• I wait for AWS validation (it always fails).

What I Have Tried:

• Removed the trailing dot (.) from the CNAME name and value (Cloudflare removes it automatically).
• Set records to DNS Only (not proxied).
• Verified CNAME propagation using dig and DNSChecker (records are reachable).
• Tested using only one domain for validation.
• Deleted and recreated the certificate request.
• Tried configuring the DNS in Hostinger instead of Cloudflare (same failure).

Still having the issue, thanks in advance for your help

Context: I have an AWS Lambda function exposed via API Gateway. I want to secure and expose it through Cloudflare.

Steps to Replicate:

• In API Gateway, create a custom domain.

• During creation, AWS requires a certificate, so I generate one for:

1. mydomain
2. api.mydomain
3. www.mydomain

AWS provides three CNAME records to add in Cloudflare with this structure: Domain, Type, CNAME Name, CNAME Value

• I add these CNAME records in Cloudflare DNS.

• I wait for AWS validation (it always fails).

What I Have Tried:

• Removed the trailing dot (.) from the CNAME name and value (Cloudflare removes it automatically).
• Set records to DNS Only (not proxied).
• Verified CNAME propagation using dig and DNSChecker (records are reachable).
• Tested using only one domain for validation.
• Deleted and recreated the certificate request.
• Tried configuring the DNS in Hostinger instead of Cloudflare (same failure).

Still having the issue, thanks in advance for your help

• amazon-web-services
• aws-lambda
• cloudflare
• aws-acm

1 Answer 1

well after struggling a bit... I found the issue in MY context. In case it helps someone...

My issue was that I was just adding the CNAMEs which is something I have to do… but my DNS Records in Cloudflare didn’t included this configuration, that is needed for AWS to be able to generate the certificate

So after I configured 2 records per url (1 for wildcare, 1 for literal) for each of this domain:

• amazon

• amazontrust

• awstrust

• amazonaws

The issue seems to be gone!