Can't get certificatesResolvers to work with route53 provider

I cannot get the certificatesResolvers to work. I have a very very simple setup on docker compose, but it is not working:

# docker-compose.yaml
version: '3'

services:

  traefik:
    # The official v2 Traefik docker image
    image: traefik:v2.10
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      # The HTTPS port
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    environment:
      - AWS_ACCESS_KEY_ID=**************
      - AWS_SECRET_ACCESS_KEY=**************
      - AWS_REGION=us-east-1
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik:/etc/traefik

  whoami3:
    # A container that exposes an API to show its IP address
    image: traefik/whoami
    labels:
      - traefik.http.routers.whoami3.rule=Host(`whoami3.******.net`)
      - traefik.http.routers.whoami3.tls.certresolver=myresolver
      - traefik.http.routers.whoami3.tls={}

# traefik.yaml
# Static configuration
providers:
  file:
    filename: /etc/traefik/dynamic.yaml
    watch: true
  docker: {}

entrypoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
    http:
      tls: true

api:
  dashboard: true
  insecure: true

log:
  level: "DEBUG"

certificatesResolvers:
  myresolver:
    acme:
      email: ****.****@****.com
      storage: /etc/traefik/acme.json
      # I've tried with and without the below (to avoid API rate limits)
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      dnsChallenge:
        provider: route53

What am I doing wrong?

ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645},\"web-to-websecure\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"redirect-web-to-websecure\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}},\"redirect-web-to-websecure\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"models\":{\"websecure\":{\"tls\":{}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=info msg="Starting provider *acme.Provider"
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=debug msg="*acme.Provider provider configuration: {\"email\":\"********.********@********.com\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"/etc/traefik/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"route53\"},\"ResolverName\":\"myresolver\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" providerName=myresolver.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory"
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=info msg="Testing certificate renew..." ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=myresolver.acme
ubuntu-traefik-1  | time="2023-05-03T21:14:42Z" level=debug msg="Provider connection established with docker 23.0.5 (API 1.42)" providerName=docker

According to the docs you need 4 env vars for the dnsChallenge to work.

Alternatively just change to tlsChallenge, much easier to use, just no wildcard certs.
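
A preflight check for the environment-variable point in the reply above, added here as an example and not part of the thread. The four variable names are an assumption taken from the Traefik provider table for route53 (the thread does not name them), and the compose text is a constructed sample based on the question's file.

```python
# Added example. The names are an assumption from the Traefik provider table
# for route53, which lists the last two as optional.
ROUTE53_VARS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
                "AWS_REGION", "AWS_HOSTED_ZONE_ID")

# Constructed sample: the traefik service from the compose file in the question.
COMPOSE = """\
services:
  traefik:
    image: traefik:v2.10
    environment:
      - AWS_ACCESS_KEY_ID=**************
      - AWS_SECRET_ACCESS_KEY=**************
      - AWS_REGION=us-east-1
    volumes:
      - ./traefik:/etc/traefik
  whoami3:
    image: traefik/whoami
"""

def service_environment(compose_text, service):
    """Return {NAME: value} from one service's environment block.

    Handles the list form (- NAME=value) and the map form (NAME: value)."""
    env, in_service, env_indent = {}, False, None
    for raw in compose_text.splitlines():
        line = raw.split(" #")[0].rstrip()            # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent, item = len(line) - len(line.lstrip()), line.strip()
        is_item = item.startswith("- ")
        if env_indent is not None and (
                indent < env_indent or (indent == env_indent and not is_item)):
            env_indent = None                         # left the environment block
        if indent == 2 and item.endswith(":"):
            in_service = item[:-1] == service         # entered a service definition
        elif in_service and item == "environment:":
            env_indent = indent
        elif env_indent is not None:
            body, sep = (item[2:], "=") if is_item else (item, ":")
            name, _, value = body.strip("\"'").partition(sep)
            env[name.strip()] = value.strip().strip("\"'")
    return env

def missing_route53_vars(env):
    """Names from ROUTE53_VARS that are absent or empty (pass-through counts as empty)."""
    return [name for name in ROUTE53_VARS if not env.get(name)]

if __name__ == "__main__":
    print("unset:", missing_route53_vars(service_environment(COMPOSE, "traefik")))
```
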