SSL certificate creation times out on deploy

[jens-johnson]

I created a Serverless project using this framework, but for some reason the CF resource creation for creating the SSL cert times out after ~500-600 seconds. Is the cert supposed to take this long to create?

[tobilg]

@jens-johnson have you updated your DNS settings for your external domain? If so, have you checked that the record expiry is set to a decent (low) timeframe?

The Lambda function that will generate the certificate has a timeout of 900 seconds, meaning that if it can't resolve to NS to the given nameservers of the HostedZone, it'll fail...

[jens-johnson]

@tobilg Thank you for reaching back out; I'm a bit unfamiliar with the DNS process so I might be off here. I have a domain registered through Google Domains, but haven't pointed it any custom DNS servers as I thought that I was supposed to receive these from the output of the CF stack creation. Is there additional configuration on my domain provider through Google needed prior to deploying the stack?

[tobilg]

The process is described here: https://github.com/tobilg/serverless-aws-static-websites#manual-update-of-dns-records-on-first-deploy

The certificate is validated via DNS entries.

[jens-johnson]

This ended up fixing it, thank you so much! Not sure how I glanced over that part; I did have to bump up my session token expiry a bit to avoid timeout, but I was eventually able to deploy in ~1,200 sec all-in-all.