Issues when creating and validating AWS ACM certificate using Terraform


I'm trying to create and validate an AWS ACM certificate with Terraform. This is my config:

// not used in this config, but it does exist
resource "aws_route53_zone" "main" {
  name = "mycompany.com"
}

resource "aws_route53_zone" "dev" {
  name = "dev.mycompany.com"
}

resource "aws_acm_certificate" "cert" {
  domain_name       = "*.dev.mycompany.com"
  validation_method = "DNS"
  key_algorithm     = "RSA_2048"
}

resource "aws_route53_record" "records" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }
  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 300
  type            = each.value.type
  zone_id         = aws_route53_zone.dev.zone_id
}

resource "aws_acm_certificate_validation" "validation" {
  certificate_arn = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.records : record.fqdn]
}

But aws_acm_certificate_validation creation takes forever:

aws_acm_certificate_validation.validation: Still creating... [5m30s elapsed]

It never ends.

If I stop the execution with Control + C, I get this:

waiting for ACM Certificate ({arn here}) to be issued: context canceled

What is wrong in my configuration?


Héctor (best answer):

Solved. The problem was due to a hosted zone misconfiguration (I changed NS records manually and they didn't match the SOA record). Nothing related to the certificate itself; the code in the question is perfectly valid.
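One way to avoid the manual NS edit that caused this, as an added example that is not part of the question or the answers: let Terraform manage the delegation of the child zone from the parent zone, so the NS set in the parent always matches the name servers Route 53 assigned to the child hosted zone (and therefore its SOA). It assumes the aws_route53_zone.main and aws_route53_zone.dev resources from the question.

```hcl
# Delegation record in the parent zone (mycompany.com) for dev.mycompany.com.
# Taking the values from the child zone's own name_servers attribute keeps the
# delegation consistent with the name servers Route 53 assigned to that zone,
# instead of relying on hand-edited NS records that can drift from the SOA.
resource "aws_route53_record" "dev_delegation" {
  zone_id = aws_route53_zone.main.zone_id
  name    = aws_route53_zone.dev.name        # "dev.mycompany.com"
  type    = "NS"
  ttl     = 300
  records = aws_route53_zone.dev.name_servers
}

# Expose the assigned name servers so the delegation can be checked from
# outside AWS (e.g. compare against a public NS lookup for dev.mycompany.com)
# before waiting on aws_acm_certificate_validation.
output "dev_name_servers" {
  value = aws_route53_zone.dev.name_servers
}
```

If the public NS answer for dev.mycompany.com does not match this output, the ACM validation CNAMEs created in the dev zone are not resolvable and the validation resource will keep polling.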

nickdoesstuff:

It could be the DNS propagation delay that's getting you. It might take up to 72 hours.

Also, did you try creating it via the Console? Does it work?