DNS Validated Certificate Error: Failed to create resource. Cannot read property 'Name' of undefined #8282
Comments
@rrrix The same mistake happened to me some time ago. Does the zone for your apex domain In my case, I forgot to add the NS record to the apex domain. After I added the NS record, all went well. I don't know if that was causing the problem, but it kinda makes sense. Error handling could be improved though ;) |
Forget what I said. I just experienced the same error again while moving my stacks to another region. The first deploy failed, the second succeeded.
Since my app is importing the hosted zone, NS records were definitely present. |
I removed (commented out) the

```ts
import * as acm from '@aws-cdk/aws-certificatemanager';
import * as route53 from '@aws-cdk/aws-route53';

const hostedZone = route53.HostedZone.fromLookup(scope, 'HostedZone', {
  domainName: 'foo.example.com',
});
const sslCertificate = new acm.DnsValidatedCertificate(this, 'sslCert', {
  domainName: 'foo.example.com',
  // subjectAlternativeNames: [`*.foo.example.com`, `*.ecs.foo.example.com`],
  hostedZone,
});
```
|
I'm getting this too but intermittently. Have just run the same stack two times, first time it failed, then reran it and it worked. Happened a couple of times yesterday too. Was doing the same thing in Python with CDK 1.31 before and never had this problem with multiple deployments, now had it 3/6 times. Now on 1.44 JS I'm getting this issue. My current stack (with right values passed in) is essentially:
The Python one previously that always worked (I've rewritten in JS for various reasons):
Could be Python vs JS or more likely v 1.31 to 1.44 I'm guessing or it could even be CloudFormation/AWS changes since April when I was last running this. Note it created the certificates successfully in AWS whether this stack passes or not but the CloudFormation fails when it throws this error. For now my workaround will be to delete the certificate and try again till it works. Also I noticed that it took 7 minutes for the certificate to successfully create on CDK/CloudFormation failure but only a couple of minutes after when it worked successfully. Hope that makes sense, ping me if any questions by all means. |
I did a bit more research on this, and it turns out there are actually two open PRs that aim to fix this:
Unfortunately both are getting a bit stale, as both PRs have pending, unfinished changes requested by the CDK Team. I think #6516 looks like the better PR, as it solves the root cause of the problem, rather than creating an arbitrary wait mechanism as #7150 does. |
Same as @strottos CDK version: 1.45.0 (build 0cfab15)
|
Just curious, for people affected, does it eventually work or does it consistently fail? For me, it fails consistently if I have 2 or more subjectAlternativeNames. One or none, always works. Either way, supporting native CloudFormation DNS sounds like the best solution, so hopefully it is available soon. |
Here's my custom construct I'm using to use the native CloudFormation

```ts
// CfnDnsValidatedCertificate.ts
import { Certificate, CertificateProps, ICertificate, ValidationMethod } from '@aws-cdk/aws-certificatemanager';
import { IHostedZone, IPublicHostedZone } from '@aws-cdk/aws-route53';
import { CfnResource, Construct, Resource } from '@aws-cdk/core';

interface CfnDnsValidatedCertificateProps extends CertificateProps {
  hostedZone: IPublicHostedZone;
}

export class CfnDnsValidatedCertificate extends Resource implements ICertificate {
  public readonly domainName: string;
  public readonly subjectAlternativeNames: string[];
  public readonly hostedZone: IHostedZone;
  public readonly resource: CfnResource;
  public readonly certificate: ICertificate;
  public readonly certificateArn: string;
  public readonly validationMethod: ValidationMethod = ValidationMethod.DNS;

  constructor(scope: Construct, id: string, props: CfnDnsValidatedCertificateProps) {
    super(scope, id);
    this.domainName = props.domainName;
    // subjectAlternativeNames is optional on CertificateProps; default to an empty list.
    this.subjectAlternativeNames = props.subjectAlternativeNames ?? [];
    this.hostedZone = props.hostedZone;
    // Raw CloudFormation resource: validation records are created natively, no Lambda involved.
    this.resource = new CfnResource(this, 'cfnCertificate', {
      type: 'AWS::CertificateManager::Certificate',
      properties: {
        DomainName: this.domainName,
        // Pass the optional prop through so an absent SAN list is omitted from the template.
        SubjectAlternativeNames: props.subjectAlternativeNames,
        ValidationMethod: ValidationMethod.DNS,
        DomainValidationOptions: [
          {
            DomainName: this.domainName,
            HostedZoneId: this.hostedZone.hostedZoneId,
          },
        ],
      },
    });
    this.certificateArn = this.resource.ref;
    this.certificate = Certificate.fromCertificateArn(this, 'Resource', this.certificateArn);
  }
}
```

Use it kinda like this:

```ts
const hostedZone = PublicHostedZone.fromLookup(this, 'hostedZone', {
  domainName: props.envDomainName,
});
this.certificate = new CfnDnsValidatedCertificate(this, 'certificate', {
  domainName: domainName,
  hostedZone: hostedZone,
});
```

It's faster, works 100% of the time (with any number of SANs), cheaper (no Lambda) and has the same great taste of automated DNS Validated ACM Certificates! |
…cate (#8552) Automatically adding Amazon Route 53 CNAME records for DNS validation is now natively supported by CloudFormation. Add a `validation` prop to `Certificate` to handle both email and DNS validation. `DnsValidatedCertificate` is now only useful for cross-region certificate creation. The default remains email validation (non-breaking). Closes #5831 Closes #5835 Closes #6081 Closes #6516 Closes #7150 Closes #7941 Closes #7995 Closes #7996 Closes #8282 Closes #8659 Closes #8783 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This issue should be reopened. I got the same error using |
Same problem with 1.61.1. Please reopen |
Similar problem with 1.63.0. Thanks @mikestopcontinues for the workaround solution. From the docs (https://docs.aws.amazon.com/cdk/api/latest/docs/aws-certificatemanager-readme.html) I noticed DnsValidatedCertificate is used only for cross-account validation and all other examples are done with Certificate and CertificateValidation.fromDns(). |
I'm getting erratic behavior when using
I retried it, and it worked. I'm creating two ACM certificates and two Cloudfront distributions. One with 3 FQDNs and the other one with just 1.
This is supported since a while now. However, Furthermore, |
I'm having this same issue with "aws-cdk": "1.105.0", |
Just ran into this as well.
|
@njlynch you might want to take a look at this one - it somehow got assigned to me by mistake (?). |
…ead property 'Name' of undefined" There have been about a dozen reports of "Cannot read property 'Name' of undefined" errors from the `DnsValidatedCertificate` over the last two years. The most likely culprit seems to be a partial response from the ACM DescribeCertificates API, where one ResourceRecord entry is present, but not the others. Updated the wait condition to verify that all records are present. fixes #8282
…ead property 'Name' of undefined" (#18033) There have been about a dozen reports of "Cannot read property 'Name' of undefined" errors from the `DnsValidatedCertificate` over the last two years. The most likely culprit seems to be a partial response from the ACM DescribeCertificates API, where one ResourceRecord entry is present, but not the others. Updated the wait condition to verify that all records are present. fixes #8282 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
…ead property 'Name' of undefined" (aws#18033) There have been about a dozen reports of "Cannot read property 'Name' of undefined" errors from the `DnsValidatedCertificate` over the last two years. The most likely culprit seems to be a partial response from the ACM DescribeCertificates API, where one ResourceRecord entry is present, but not the others. Updated the wait condition to verify that all records are present. fixes aws#8282 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
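The partial-response condition described in the commit message above, as an added example that is not the handler's own code: a readiness check satisfied by a single `ResourceRecord` lets the record-collection step run too early, while a check over every entry does not. The function names and the sample responses are hypothetical and constructed for illustration; `describe` stands in for the ACM describe call.

```javascript
// Constructed describe responses (shape follows the ACM API; values are made up).
const PARTIAL = { Certificate: { DomainValidationOptions: [
  { DomainName: 'foo.example.com',
    ResourceRecord: { Name: '_a1.foo.example.com.', Type: 'CNAME', Value: '_b1.acm-validations.aws.' } },
  { DomainName: '*.ecs.foo.example.com' }, // record not generated yet
] } };
const COMPLETE = { Certificate: { DomainValidationOptions: [
  PARTIAL.Certificate.DomainValidationOptions[0],
  { DomainName: '*.ecs.foo.example.com',
    ResourceRecord: { Name: '_a2.ecs.foo.example.com.', Type: 'CNAME', Value: '_b2.acm-validations.aws.' } },
] } };

// Weak readiness test (assumed for contrast): true once any one option has a record.
function anyRecordPresent(resp) {
  const opts = resp.Certificate.DomainValidationOptions || [];
  return opts.some((o) => o.ResourceRecord !== undefined);
}

// Hardened readiness test: every option must carry its record.
function allRecordsPresent(resp) {
  const opts = resp.Certificate.DomainValidationOptions || [];
  return opts.length > 0 && opts.every((o) => o.ResourceRecord !== undefined);
}

// Collect distinct record names; throws a TypeError on a partial response.
function recordNames(resp) {
  const names = resp.Certificate.DomainValidationOptions.map((o) => o.ResourceRecord.Name);
  return [...new Set(names)];
}

// Poll the injected async `describe` until all records exist, then read them.
async function waitForRecords(describe, maxAttempts = 10, delayMs = 0) {
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const resp = await describe();
    if (allRecordsPresent(resp)) return { attempt, names: recordNames(resp) };
    await new Promise((resolve) => setTimeout(resolve, delayMs));
  }
  throw new Error('ACM did not return DNS records for every domain in time');
}
```

With the weak check, `PARTIAL` is treated as ready and `recordNames(PARTIAL)` fails on the entry that has no `ResourceRecord`, which is the error in this issue's title.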
When deploying a new DNS Validated Certificate, I keep getting an error:
Reproduction Steps
Error Log
Error log from `cdk deploy`:
Error log from Custom Resource Lambda Function:
Environment
Other
I can only find two places where there's a reference to a `.Name` property in the DNS Validated Certificate Lambda function:

- aws-cdk/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js, Line 116 in cb71f34
- aws-cdk/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js, Line 137 in cb71f34

I believe it's the first (dns_validated_certificate_handler/lib/index.js#L116), since the last message to appear before the error is thrown is `Waiting for ACM to provide DNS records for validation...`.

Here's the code in question:

A note regarding the Certificate naming and Route53 hosted zone:
The hosted zone is a subdomain (e.g. `foo.example.com` - changed for anonymity), and I'm adding a few extra wildcards:

- `foo.example.com` ('DomainName')
- `*.foo.example.com` (SAN)
- `*.ecs.foo.example.com` (SAN)

Here's the generated CloudFormation Resource:
Here's the Certificate Object being queried over in the referenced code:
This is 🐛 Bug Report