# Troubleshooting HTTP validation problems
<a name="troubleshooting-HTTP-validation"></a>

Consult the following guidance if you're having trouble validating a certificate with HTTP.

The first step in HTTP troubleshooting is to check the current status of your domain with tools such as the following:
+ **curl** — [Linux and Windows](https://curl.se/docs/manpage.html)
+ **wget** — [Linux and Windows](https://www.gnu.org/software/wget/manual/wget.html)

**Topics**
+ [Content mismatch between RedirectFrom and RedirectTo locations](#http-validation-content-mismatch)
+ [Incorrect CloudFront configuration](#http-validation-cloudfront-configuration)
+ [HTTP redirect issues](http-validation-redirect-issues.md)
+ [Validation timeout](http-validation-timeout.md)

## Content mismatch between RedirectFrom and RedirectTo locations
<a name="http-validation-content-mismatch"></a>

If the content at the `RedirectFrom` location doesn't match the content at the `RedirectTo` location, validation will fail. Ensure that the content is identical for each domain in the certificate.

## Incorrect CloudFront configuration
<a name="http-validation-cloudfront-configuration"></a>

Make sure your CloudFront distribution is correctly configured to serve the validation content. Check that the origin and behavior settings are correct and that the distribution is deployed.

# HTTP redirect issues
<a name="http-validation-redirect-issues"></a>

If you're using a redirect instead of serving the content directly, follow these steps to verify your configuration.

**To verify redirect configuration**

1. Copy the `RedirectFrom` URL and paste it into your browser's address bar.

1. In a new browser tab, paste the `RedirectTo` URL.

1. Compare the content at both URLs to ensure they match exactly.

1. Verify that the redirect returns a 302 status code.

# Validation timeout
<a name="http-validation-timeout"></a>

HTTP validation may time out if the content isn't available within the expected time frame. To troubleshoot validation issues, follow these steps.

**To troubleshoot validation timeout**

1. Do one of the following to check which domains are pending validation:

   1. Open the ACM console and view the certificate details page. Look for domains marked as **Pending validation**.

   1. Call the `DescribeCertificate` API operation to view the validation status of each domain.

1. For each pending domain, verify that the validation content is accessible from the internet.