I manage the domain blackbuck.jp with Vercel.
I want to manage the subdomain api.blackbuck.jp with AWS Route53.
So I created a hosted zone for api.blackbuck.jp in Route 53 and obtained the following records.
Record name, type, value/traffic routing destination
api.blackbuck.jp, NS, [ns-.awsdns-45.net, ns-.awsdns-35.com, ns-.awsdns-57.co.uk, ns-.awsdns-45.org]
api.blackbuck.jp, SOA, ns-.awsdns-45.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
For the above records, I added four NS records to the www.blackbuck.jp domain on Vercel.
Next, I went to the AWS Certificate Manager (ACM) console and requested a certificate for api.blackbuck.jp, which gave me the following CNAME record.
Domain, Type, CNAME name, CNAME value
api.blackbuck.jp, CNAME, .api.blackbuck.jp, .acm-validations.aws.
The certificate request status was initially “successful” but then quickly changed to “failed”.
A CNAME record was added to the www.blackbuck.jp domain of Vercel for the above record.
Details about the ACM “failure” were also listed on the following page.
https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-caa.html
Based on the information on the above page, the following CAA record was added to the www.blackbuck.jp domain of Vercel.
Name, Type, Value, TTL
api, CAA, 0 issue “amazon.com”, 60
When this record was added, the following record was automatically added.
Name, Type, Value, TTL
api, CAA, 0 issue “letsencrypt.org”, 60
After performing this operation, I went back to the ACM console and requested a certificate for api.blackbuck.jp, but it returned a “failed” result.
Currently, when I use the nslookup command, I get the following result:
> nslookup -type=any blackbuck.jp
Server: Archer
Address: 192.168.0.1
Non-authoritative answers:
blackbuck.jp internet address = 76.76.21.22
blackbuck.jp internet address = 76.76.21.93
blackbuck.jp nameserver = ns2.vercel-dns.com
blackbuck.jp nameserver = ns1.vercel-dns.com
blackbuck.jp
primary name server = ns1.vercel-dns.com
responsible mail addr = hostmaster.nsone.net
serial = 1725093037
refresh = 43200 (12 hours)
retry = 7200 (2 hours)
expire = 1209600 (14 days)
default TTL = 600 (10 mins)
blackbuck.jp HINFO CPU = RFC8482
ns2.vercel-dns.com internet address = 198.51.45.13
ns1.vercel-dns.com internet address = 198.51.44.13
> nslookup -type=ns api.blackbuck.jp
Server: Archer
Address: 192.168.0.1
Non-authoritative answers:
api.blackbuck.jp nameserver = ns-<number>.awsdns-45.org
api.blackbuck.jp nameserver = ns-<number>.awsdns-57.co.uk
api.blackbuck.jp nameserver = ns-<number>.awsdns-35.com
api.blackbuck.jp nameserver = ns-<number>.awsdns-45.net
> nslookup -type=caa api.blackbuck.jp
unknown query type: caa
Server: Archer
Address: 192.168.0.1
*** There are no available internal type for both IPv4 and IPv6 Addresses (A+AAAA) records for api.blackbuck.jp
> nslookup -type=cname api.blackbuck.jp
Server: Archer
Address: 192.168.0.1
api.blackbuck.jp
primary name server = ns-<number>.awsdns-45.net
responsible mail addr = awsdns-hostmaster.amazon.com
serial = 1
refresh = 7200 (2 hours)
retry = 900 (15 mins)
expire = 1209600 (14 days)
default TTL = 86400 (1 day)
Deployment URL or Custom Domain: blackbuck.jp, api.blackbuck.jp
Project Framework: Next.js 14