I'm trying to add Amazon SES service to my domain, but I'm having trouble verifying my domain with them. I've carefully followed Amazon's instructions for Bring Your Own DKIM (BYODKIM) but the domain keeps getting stuck at "verification pending". I waited the full 72 hours to receive an "Email DKIM setup FAILURE" message from Amazon with the explanation, "We have not been able to detect the required DNS records in your DNS settings." I have double-checked everything, especially in DNS, and carefully repeated the setup procedure from scratch but still can't get my domain verified. What might I be doing wrong?

fjarlq

1 Answer

As of OpenSSL 3.0, the openssl genrsa command produces PKCS #8 formatted private keys by default, which Amazon SES does not support. Amazon SES BYODKIM private keys are required to be in PKCS #1 format.

To fix this issue, regenerate the keypair while specifying the -traditional option to openssl genrsa, and then rebuild the Amazon SES configuration using that keypair. This option is new in OpenSSL 3.0.

fjarlq
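
As an added example (not part of the original answer or of Amazon's documentation): a shell check that reports which format an existing key file is in, judged by its PEM header, plus a generation wrapper that passes `-traditional` only when the installed OpenSSL is 3.0 or later. The function names, the 2048-bit default and the file paths are this example's assumptions.

```shell
#!/bin/sh
# Added example: check and generate RSA private keys in PKCS #1 format.

# Classify a PEM private key by its first BEGIN line.
#   PKCS #1 ("traditional") RSA key : -----BEGIN RSA PRIVATE KEY-----
#   PKCS #8 key                     : -----BEGIN PRIVATE KEY-----
key_format() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # Strip CRs so keys saved with Windows line endings still match.
    header=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')
    case "$header" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        *)                                       echo unknown ;;
    esac
}

# Generate an RSA key and confirm it came out as PKCS #1.
# -traditional exists only from OpenSSL 3.0 on; earlier releases reject it
# and already write PKCS #1 from genrsa.
# $1 = output path, $2 = key size in bits (2048 is this example's default).
gen_pkcs1_key() {
    out=$1
    bits=${2:-2048}
    # Empty for anything that is not "OpenSSL N.x" (treated as pre-3.0).
    major=$(openssl version | sed -n 's/^OpenSSL \([0-9][0-9]*\)\..*/\1/p')
    (
        umask 077   # private key readable by its owner only
        if [ "${major:-0}" -ge 3 ]; then
            openssl genrsa -traditional -out "$out" "$bits"
        else
            openssl genrsa -out "$out" "$bits"
        fi
    ) 2>/dev/null || return 1
    # Fail loudly if the result is not what the answer above calls for.
    [ "$(key_format "$out")" = pkcs1 ]
}

# Usage: sh thisfile.sh /path/to/private.pem   -> prints the detected format
if [ "$#" -ge 1 ]; then
    key_format "$1"
fi
```

A result of `pkcs8` from `key_format` on the key that was used for the BYODKIM setup matches the failure described in the answer.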