Route53 dnsChallenge with multiple domains

Greetings,

With Traefik v1, I was never able to get the acme dnsChallenge for Route53 to work with multiple domains. For example, if I have the domains example.net and anotherexample.net, I'm able to make it work flawlessly with example.net, but when it tries to set up the DNS for anotherexample.net, it fails with an error like this:

    time="2019-09-19T20:19:29Z" level=error msg="Unable to obtain ACME certificate for domains \"anotherexample.net,www.anotherexample.net\": unable to generate a certificate for the domains [anotherexample.net www.anotherexample.net]: acme: Error -> One or more domains had a problem:\n[anotherexample.net] [anotherexample.net] acme: error presenting token: route53: failed to determine hosted zone ID: unexpected response code 'SERVFAIL' for _acme-challenge.anotherexample.net.\n[www.anotherexample.net] [www.anotherexample.net] acme: error presenting token: route53: failed to determine hosted zone ID: unexpected response code 'SERVFAIL' for _acme-challenge.www.anotherexample.net.\n" providerName=letsEncrypt.acme routerName=nginx-anotherexample-https rule="Host(`anotherexample.net`) || Host(`www.anotherexample.net`)"

Is it possible to make this work?

Thanks...

Hi there,

Did you get a solution for this?

Nope, I kept manually switching when needed to renew the cert.

Any progress? Still dealing with this in 2024

The real question is why traefik/lego throws this error when the permissions granted to it allow it to list hosted zones by name (see the lego provider docs: Amazon Route 53 :: Let’s Encrypt client and ACME library written in Go).

Assuming one is just using a single provider, with multiple hosted zones, each one's zone id should be able to be fetched. As the same doc says:

If AWS_HOSTED_ZONE_ID is not set, Lego tries to determine the correct public hosted zone via the FQDN.
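To make the quoted sentence concrete, here is an added, offline model of what "determine the correct public hosted zone via the FQDN" involves. It is not lego's or Traefik's code; it mirrors the two steps lego's route53 provider takes when AWS_HOSTED_ZONE_ID is unset: first it climbs the challenge FQDN label by label, asking the host's recursive resolver for an SOA record until a zone apex answers, and only then does it call ListHostedZonesByName with that zone name. The resolver answers and the hosted-zone list below are constructed stand-ins; the zone ids are placeholders. The point worth noticing for this thread is that the "unexpected response code 'SERVFAIL'" message is produced by the DNS step, before any Route 53 API call is made, so IAM permissions never enter into it; a SERVFAIL for `_acme-challenge.anotherexample.net.` from the Traefik host's resolver is what needs explaining (a plain SOA lookup for that name from the same host, e.g. with `dig`, reproduces the step).

```python
"""Offline model of Route 53 hosted-zone discovery for an ACME DNS-01 challenge.

Constructed example for this thread; it is not lego's or Traefik's code.
Step 1 (find_zone_by_fqdn) walks the challenge FQDN upward with SOA queries
to the recursive resolver until a zone apex answers.  Step 2
(get_hosted_zone_id) maps that zone name to a public hosted zone, as
ListHostedZonesByName would.  Both the resolver and the AWS API are replaced
by constructed in-memory stand-ins.
"""
from typing import Callable, List, Optional, Tuple


class ZoneLookupError(Exception):
    """Raised when the hosted zone for an FQDN cannot be determined."""


def to_fqdn(name: str) -> str:
    """Normalise a name to absolute form with a trailing dot."""
    return name if name.endswith(".") else name + "."


def fake_soa_query(name: str) -> Tuple[str, Optional[str]]:
    """Constructed resolver.  Returns (rcode, soa_owner_or_None).

    Any name under anotherexample.net. answers SERVFAIL, reproducing the
    failure mode in the thread; example.net. resolves normally.
    """
    if name.endswith("anotherexample.net."):
        return ("SERVFAIL", None)
    if name == "example.net.":
        return ("NOERROR", "example.net.")
    if name.endswith(".example.net."):
        return ("NOERROR", None)  # name exists, but no SOA at this label
    return ("NXDOMAIN", None)


# Constructed stand-in for a ListHostedZonesByName response (placeholder ids).
FAKE_HOSTED_ZONES: List[dict] = [
    {"Name": "example.net.", "Id": "/hostedzone/Z0EXAMPLE1",
     "Config": {"PrivateZone": False}},
    {"Name": "anotherexample.net.", "Id": "/hostedzone/Z0EXAMPLE2",
     "Config": {"PrivateZone": False}},
]


def find_zone_by_fqdn(fqdn: str,
                      soa_query: Callable = fake_soa_query) -> str:
    """Step 1: climb the labels of fqdn until an SOA record is returned.

    NOERROR without an SOA and NXDOMAIN mean "keep climbing"; any other
    response code (SERVFAIL, REFUSED, ...) aborts with the same message
    shape lego produces, naming the label that failed.
    """
    fqdn = to_fqdn(fqdn)
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        rcode, soa_owner = soa_query(candidate)
        if rcode == "NOERROR" and soa_owner is not None:
            return soa_owner
        if rcode in ("NOERROR", "NXDOMAIN"):
            continue
        raise ZoneLookupError(
            f"unexpected response code '{rcode}' for {candidate}")
    raise ZoneLookupError(f"could not find the start of authority for {fqdn}")


def get_hosted_zone_id(fqdn: str,
                       hosted_zones: List[dict] = FAKE_HOSTED_ZONES,
                       soa_query: Callable = fake_soa_query) -> str:
    """Step 2: map the discovered zone name to a public hosted zone id."""
    zone_name = find_zone_by_fqdn(fqdn, soa_query)
    for hz in hosted_zones:
        if hz["Name"] == zone_name and not hz["Config"]["PrivateZone"]:
            # lego strips the "/hostedzone/" prefix before using the id
            return hz["Id"][len("/hostedzone/"):]
    raise ZoneLookupError(f"zone {zone_name} not found for domain {fqdn}")


if __name__ == "__main__":
    for host in ("www.example.net", "anotherexample.net"):
        challenge = f"_acme-challenge.{host}"
        try:
            print(challenge, "->", get_hosted_zone_id(challenge))
        except ZoneLookupError as exc:
            print(challenge, "-> failed to determine hosted zone ID:", exc)
```

Running it prints a hosted zone id for the example.net challenge and the SERVFAIL error for the anotherexample.net one; swapping the constructed resolver for real SOA lookups from the Traefik host is the natural next diagnostic step when one zone works and another does not.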