4

我正在使用主账户中的 lambda 函数在 AWS 组织账户中创建 ACM 公有证书,

创建 ACM 证书并附加侦听器的代码是:

resp_acm = client_acm.request_certificate(
    DomainName='test.example.com',
    ValidationMethod= 'DNS',
)
acm_arn = resp_acm['CertificateArn']

print(acm_arn)

resp_listener = client_elbv.create_listener(
    Certificates=[
        {
            'CertificateArn': acm_arn,
        },
    ],
    DefaultActions=[
        {
            'Type': 'forward',
            'TargetGroupArn': Target_group_arn,
        },
    ],
    LoadBalancerArn=alb_arn,
    Port=443,
    Protocol='HTTPS',
    SslPolicy='ELBSecurityPolicy-2016-08',
)

但我收到此错误:

"errorMessage": "An error occurred (UnsupportedCertificate) when calling the CreateListener operation: The certificate 
'arn:aws:acm:eu-west-2:xxxxxxxxx:certificate/675071212-cdd1-4gg5-9d49-6a89a47eee88' must have a fully-qualified domain name, 
a supported signature, and a supported key size.",

任何人请帮忙。主域在主帐户中,并为子域 aws 组织跨帐户创建证书。

4

1 回答 1

4

我已经解决了这个问题,在获得 ACM 证书后,您必须在等待一段时间后进行验证。您可以使用以下代码段:

acm_arn = resp_acm['CertificateArn']


print(acm_arn)
time.sleep(10)
#describe acm certificate
acm_describe = client_acm.describe_certificate(
CertificateArn=acm_arn
)

name = acm_describe['Certificate']['DomainValidationOptions'][0]['ResourceRecord']['Name']

value = acm_describe['Certificate']['DomainValidationOptions'][0]['ResourceRecord']['Value']

#validating acm certificate using DNS

acm_validation = client_route53.change_resource_record_sets(
    HostedZoneId=HostedZoneID,
    ChangeBatch={
        'Comment': 'DNS Validation',
        'Changes': [
            {
                'Action': 'CREATE',
                'ResourceRecordSet': {
                    'Name': name,
                    'Type': 'CNAME',
                    'TTL': 1800,
                    'ResourceRecords': [
                        {
                            'Value': value
                        },
                    ],
                }
            },
        ]
    }
)

#waiting for acm to get validated using dns
waiter = client_acm.get_waiter('certificate_validated')
waiter.wait(
    CertificateArn=acm_arn,
    WaiterConfig={
        'Delay': 15,
        'MaxAttempts': 80
    }
)
time.sleep(10)

希望这也能解决你的问题。

于 2021-09-10T10:59:32.533 回答