AWS Certified SysOps Administrator – Associate (legacy) — Question 925
A SysOps Administrator is implementing SSL for a domain of an internet-facing application running behind an Application Load Balancer (ALB). The Administrator decides to use an SSL certificate from Amazon Certificate Manager (ACM) to secure it.
Upon creating a request for the ALB fully qualified domain name (FQDN), it fails, and the error message `Domain Not Allowed` is displayed.
How can the Administrator fix this issue?
Answer options
- A. Contact the domain registrar and ask them to provide the verification required by AWS.
- B. Place a new request with the proper domain name instead of the ALB FQDN.
- C. Select the certificate request in the ACM console and resend the validation email.
- D. Contact AWS Support and verify the request by answering security challenge questions.
Correct answer: B
Explanation
AWS Certificate Manager (ACM) does not allow users to request SSL/TLS certificates for Amazon-owned domain names, which includes the default FQDN assigned to an Application Load Balancer (ALB). To resolve the `Domain Not Allowed` error, the administrator must request a certificate for their own custom domain name (such as `example.com`) and configure DNS routing to point to the ALB.