AWS Certificate Manager, cannot get https for subdomain

Question

I have a hosted zone with my main domain. I already added a Load Balancer and configured it to route to my web app. This already works with https and http. So far so good.

Now I wanted to add a subdomain something like: domain.com (routes to my frontend) api.domain.com (routes to my backend). The routing is already working but I cant use https. I tried to get a ssl certificate exactly for this domain (api.domain.com) but this got stuck in pending.

I also tried to use a wildcard (*.domain.com). With this I can connection to my service like this: https://api.domain.com, but the webbrowser says the connection is not safe.

Route 53 entries:

Certificate manager

Shouldn't be the wildcard (*.domain.com) working for my api. Subdomain? And do you know why the first two certificates are stuck in pending?

Answer 1

Certificates are stuck in pending if they're waiting to be approved. The conditions (DNS records or email verification) have not yet been met.

If the domain is unsafe then the SSL for the domain has either expired, is not from a valid CA or is not included as a valid domain on the generated certificate.