Four years ago, this question was posted: Route53 dnsChallenge with multiple domains
I'm running in Docker Swarm. Currently, if I do not specify AWS_HOSTED_ZONE_ID
in the environment, I get the same error
acme: error presenting token: route53: failed to determine hosted zone ID
But specifying the hosted zone ID in the environment applies to all certresolvers declared in traefik (we can't do one per hosted zone, like cert-manager allows for its issuers: Failed to determine Route 53 hosted zone ID: SignatureDoesNotMatch · Issue #668 · cert-manager/cert-manager · GitHub).
I get TLS certs for my services with ACME with both LetsEncrypt for my public services, and my own internal step-ca ACME server for internal services.
I must use the DNS01 challenge, since HTTP01 only works on port 80, which matters because, due to the inability to configure one instance of traefik to serve some services on an internal IP and some on a public IP ( Handling internal and external apps with one instance of Traefik - #10 by waffleProOps ), I must use non-standard HTTP ports (e.g. 8080) for my internal services and rely on a simple firewall to keep the public internet out.
So I must use DNS01, which won't work for both my public and internal hosted zones.
LEGO has the permission to list hosted zones by name, why can't it determine the hosted zone IDs based on my domains, like I described here? Route53 dnsChallenge with multiple domains - #5 by waffleProOps
This seems like it should be able to, and is a possible bug.
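To show what "determine the hosted zone ID from the domain" amounts to, here is an added illustration (not LEGO's or Traefik's code): given the zones a ListHostedZonesByName call would return, pick the one whose name is the longest label-aligned suffix of the challenge FQDN. The zone list, IDs and the `allowPrivate` switch are constructed assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// HostedZone is a constructed stand-in for the Route 53 zone metadata
// this lookup needs; real zones would come from ListHostedZonesByName.
type HostedZone struct {
	Name    string // trailing dot, as Route 53 returns it, e.g. "example.com."
	ID      string
	Private bool
}

// constructedZones: a public zone, an internal sub-zone, and a private copy of it.
var constructedZones = []HostedZone{
	{Name: "example.com.", ID: "ZPUBLIC0000001"},
	{Name: "corp.example.com.", ID: "ZINTERNAL00001"},
	{Name: "corp.example.com.", ID: "ZPRIVATE000001", Private: true},
}

// FindHostedZoneID returns the zone whose name is the longest suffix of fqdn on a
// label boundary, so "_acme-challenge.app.corp.example.com." lands in
// corp.example.com. rather than example.com.. Private zones are skipped unless
// allowPrivate is set, since a public ACME server cannot resolve them.
func FindHostedZoneID(fqdn string, zones []HostedZone, allowPrivate bool) (string, error) {
	fqdn = strings.ToLower(fqdn)
	if !strings.HasSuffix(fqdn, ".") {
		fqdn += "."
	}
	bestID, bestLen := "", 0
	for _, z := range zones {
		name := strings.ToLower(z.Name)
		if (z.Private && !allowPrivate) || !strings.HasSuffix(fqdn, name) {
			continue
		}
		// "corp.example.com." must not match "xcorp.example.com.": require a '.' before the suffix.
		if len(fqdn) != len(name) && fqdn[len(fqdn)-len(name)-1] != '.' {
			continue
		}
		if len(name) > bestLen {
			bestID, bestLen = z.ID, len(name)
		}
	}
	if bestID == "" {
		return "", errors.New("failed to determine hosted zone ID for " + fqdn)
	}
	return bestID, nil
}

func main() {
	id, err := FindHostedZoneID("_acme-challenge.app.corp.example.com", constructedZones, false)
	fmt.Println(id, err)
}
```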