I recently ordered a public certificate via AWS Certificate Manager (ACM) for a .io domain that I own. I chose E-Mail validation as the validation method as I have used that method without issues for other domains. I waited for hours and I never got the validation email sent to the email address that is registered with the domain. After a bit of googling, I came across the following article on AWS documentation
The .IO domain is assigned to the British Indian Ocean Territory. Currently, the domain registry does not display your public information from the WHOIS database. This is true whether you have privacy protection for the domain enabled or disabled. When a WHOIS lookup is performed, only obfuscated registrar information is returned. Therefore, ACM is unable to send validation email to the following three registered contact addresses that are usually available in WHOIS.
Lesson learnt: Always use DNS validation when validating domain ownership. It is fast, reliable and will work across every domain.
Cloud Engineer 