CNAME entry not working on NameCheap using Amazon Certificate Manager

Adding a more complete answer.

Some DNS provider like Namecheap appends the bare domain name to the DNS record. In effect, if you add the full record provided from Amazon Certificate Manager like so (replace example.com with your domain):

_cff0cda88701846cbe7a34cd737378e2.example.com

What you'll end up with is

_cff0cda88701846cbe7a34cd737378e2.example.com.example.com

To check if this is the case, after you have added the DNS record, run this command (on Unix)

dig +short _cff0cda88701846cbe7a34cd737378e2.example.com.example.com

If it returns the CNAME record, you have to omit the domain name from your DNS record so you won't get a duplicate domain name in there. Then run

dig +short _cff0cda88701846cbe7a34cd737378e2.example.com

You should get the corresponding CNAME record from it. The validation can take up to 48 hours.


Even though AWS includes it, do not include the domain name itself in the CNAME Host field for Namecheap (they apparently append it for you); just chop that off at the end. The value field is fine.

Give it half an hour.


In the CNAME record enter - _cff0cda88701846cbe7a34cd737378e2 as the host field and - _490287b8f448e2cca3862ebb4a51591.acm-validations.aws in the value field.

Once done wait for at least 1 hour for the changes to reflect.


If anyone is looking for NameCheap DNS record validation for AWS CloudFront ssl validation then please refer screenshot below. This NameCheap DNS record validation worked for me as of Jul 2019

Cname record AWS and NameCheap