I kind of don't want to spend the energy talking about this, but in order for AWS to validate a cert for a domain, it wants you to demonstrate that you control that domain by creating unique CNAME records for that domain, then it checks to see that you did.
That's fine, but of course, there are multiple amazon.com pages that purport to tell you how to do this. The first one, which I looked at on Friday, is in the user guide, and it tells you how it works. But it *does not* tell you where in their terrible UI to find the secret CNAME records that you should create. You are left feeling some doubt. Are the values in that article somehow the ones you should create?
The second one, which I found just now, is a post in their security blog, introducing this method of validation. There, they actually tell you where to find the CNAME values. Even though the screenshot is out of date, you can still figure out where to look for it, and more importantly, verify that it's going to be in the AWS console at all, so you don't have to consider other possibilities.
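The same CNAME values are also returned outside the console, under `DomainValidationOptions[].ResourceRecord` in the output of `aws acm describe-certificate --certificate-arn <ARN>`. The following is an added example, not part of the original post or of AWS's documentation: it parses a constructed response (all names and values are placeholders) and lists the records to create, including the case where a record has not been populated yet.

```python
import json

# Constructed sample shaped like the output of
# `aws acm describe-certificate --certificate-arn <ARN>`; every value is a placeholder.
SAMPLE = json.loads("""
{"Certificate": {"DomainName": "example.com", "Status": "PENDING_VALIDATION",
 "DomainValidationOptions": [
  {"DomainName": "example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                      "Value": "_bbb222.acm-validations.aws."}},
  {"DomainName": "*.example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION",
   "ResourceRecord": {"Name": "_aaa111.example.com.", "Type": "CNAME",
                      "Value": "_bbb222.acm-validations.aws."}},
  {"DomainName": "www.example.com", "ValidationMethod": "DNS",
   "ValidationStatus": "PENDING_VALIDATION"}
 ]}}
""")


def validation_records(describe_output):
    """Return (records_to_create, domains_without_a_record_yet)."""
    records, missing = {}, []
    for opt in describe_output["Certificate"].get("DomainValidationOptions", []):
        if opt.get("ValidationMethod") != "DNS":
            continue  # email-validated names have no CNAME to create
        rr = opt.get("ResourceRecord")
        if rr is None:
            # The record may be absent shortly after the request; query again later.
            missing.append(opt["DomainName"])
            continue
        # A wildcard and its apex share one record, so dedupe on (name, value).
        key = (rr["Name"].lower(), rr["Value"].lower())
        records.setdefault(key, {"name": rr["Name"], "type": rr["Type"],
                                 "value": rr["Value"], "covers": []})
        records[key]["covers"].append(opt["DomainName"])
    return list(records.values()), missing


if __name__ == "__main__":
    recs, pending = validation_records(SAMPLE)
    for r in recs:
        print(f'{r["name"]} {r["type"]} {r["value"]}  # covers {", ".join(r["covers"])}')
    for d in pending:
        print(f"no record returned yet for {d}; re-run describe-certificate")
```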
Once again, I leave you with my usual closing: AWS has a lot of UX and communication problems.