Introduction
Connecting a custom domain to AWS Amplify should be simple, but sometimes you may run into this frustrating error:
Make SSL changes and try again.
Consult the troubleshooting guide, make any necessary changes, and retry activation.
If you’ve spent hours checking DNS records, regenerating SSL certificates, or digging through AWS documentation with no luck—you’re not alone. I recently encountered this issue while supporting a customer, and after extensive troubleshooting, I discovered the real root cause that AWS doesn't clearly point out.
This post walks you through the exact problem and the simple fix that finally resolved it.
❗️The Error in Amplify
When activating a custom domain in AWS Amplify, you may see:
Make SSL changes and try again.
Amplify advises you to check the SSL configuration, but the real issue is usually not related to your certificate at all.
⚡ My Troubleshooting Journey
Like most engineers, I started with the standard checks:
- Regenerating the SSL certificate
- Ensuring the certificate was issued in us-east-1
- Validating domain and subdomain spelling
- Reviewing Route 53 DNS records
- Searching AWS re:Post and Stack Overflow, and asking several AI agents
Nothing worked.
At that point, I decided to isolate every possible cause manually. That’s when I noticed something that Amplify does not highlight clearly.
🧠 Understanding the Real Root Cause
AWS Amplify, although displayed per region in the console, behaves like a global service when it comes to domain management, similar to S3.
This means:
👉 You cannot map the same domain or subdomain to more than one Amplify app, even if the other app is old, inactive, or already deleted from your current workflows.
If a domain or subdomain is still attached to any Amplify project in any AWS account, the new SSL validation will fail silently and repeatedly.
Amplify does not explicitly warn you that the domain is already mapped somewhere else—making the error appear unrelated.
✔️ The Solution That Worked
When I asked the client whether they had an older Amplify app before migrating, they confirmed that they had.
That old app still had the domain attached and was blocking SSL activation.
Fix Steps:
- Go to the previous Amplify app (if deleted, check the Amplify console history).
- Remove any custom domain mappings.
- Return to the new Amplify app.
- Re-add the domain.
After deleting the old domain mapping, the SSL validation completed instantly.
🛠 Code Snippet — Domain Cleanup (If Using CLI)
If you manage Amplify via CLI, you can list and remove domain mappings like this:
```bash
# List domain associations for an Amplify app
aws amplify list-domain-associations \
  --app-id YOUR_APP_ID

# Delete an old domain mapping
aws amplify delete-domain-association \
  --app-id YOUR_APP_ID \
  --domain-name yourdomain.com
```
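When you do not know which app still holds the mapping, the commands above can be looped over every app in a set of regions. The script below is an added example, not part of the original post; the function name, script name and region list are assumptions, and it only sees the account whose credentials are active, so repeat it per account or profile.

```bash
#!/usr/bin/env bash
# Added example: report every Amplify app in the current account that still
# holds a domain association for a given root domain.
# Assumptions: AWS CLI with credentials for the account being checked; the
# caller supplies the regions to scan (function and script names are made up).

# find_amplify_domain DOMAIN REGION...
# Prints "region<TAB>app-id<TAB>domain" per match; returns 1 if none found.
find_amplify_domain() {
  local domain region app_id name apps domains found
  domain="$1"; shift
  found=1
  for region in "$@"; do
    # App IDs in this region, whitespace-separated.
    apps=$(aws amplify list-apps --region "$region" \
             --query 'apps[].appId' --output text) || {
      echo "warning: could not list apps in $region" >&2; continue; }
    for app_id in $apps; do
      domains=$(aws amplify list-domain-associations --region "$region" \
                  --app-id "$app_id" \
                  --query 'domainAssociations[].domainName' \
                  --output text) || {
        echo "warning: could not read domains for $app_id ($region)" >&2
        continue; }
      for name in $domains; do
        if [ "$name" = "$domain" ]; then
          printf '%s\t%s\t%s\n' "$region" "$app_id" "$name"
          found=0
        fi
      done
    done
  done
  return "$found"
}

# Runs only when a domain and at least one region are given, e.g.:
#   ./find-amplify-domain.sh yourdomain.com us-east-1 eu-west-1
if [ "$#" -ge 2 ]; then
  find_amplify_domain "$@"
fi
```

Each line of output names the region and app ID to pass to `delete-domain-association`; a warning on stderr means that region or app was not checked, so an empty result is not conclusive until the warnings are resolved.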
✅ Final Thoughts
This issue is surprisingly common, and the fix is much simpler than the error message implies.
If you’re stuck on the SSL activation step in AWS Amplify:
Always check whether your domain or subdomain is mapped to another Amplify app.
Removing that mapping is often the key to solving the problem instantly.