Letsencrypt for Route 53 root domain and wildcard

[themsaid]

If I generate a certificate for root domain only or wildcard only it works, but if I generate a certificate for both I get this error.

[AnalogJ]

From your image its a bit difficult to determine exactly what the cause is.

There are a couple of lexicon providers that need to be changed to support record sets, but all of the Certbot integrated providers should work out of the box. You may need to bring up this issue with Certbot or the ACME client that you use.

Which DNS provider are you attempting to communicate with? And which ACME/letsencrypt client are you using?

[themsaid]

I'm using Route53 as the DNS provider and dehydrated as the acme client, here's the hook registered: https://raw.githubusercontent.com/AnalogJ/lexicon/master/examples/dehydrated.default.sh

[taylorotwell]

A little more info on what we are seeing:

The TXT record never seems to be updated from the first challenge value... it just always stays at this value until the script finishes with invalid challenge results...

[taylorotwell]

The issue seems to be Route 53 doesn't like multiple TXT values with the same domain. I can't even do it manually in the Route 53 web console... even though I can do it in other providers like Cloudflare.

So, that seems to be the problem.

[taylorotwell]

This SO issue seems to indicate the values have to all be added at the same time:

https://serverfault.com/questions/616407/tried-to-create-2-record-set-type-txt-in-route53

🤷‍♂️

[AnalogJ]

Yeah, currently the Route53 provider does not support record sets, theres an open issue for it: https://github.com/AnalogJ/lexicon/issues/262

I don't use Route53 with lexicon so it's a bit hard for me to test changes. If you'd be willing to open a PR there's an existing record-set test suite that you can use to verify your work.

We tracked some of the providers that have record-set support in https://github.com/AnalogJ/lexicon/pull/190 so you can use those providers as examples if you do end up writing a PR.

[baochungit]

@AnalogJ Route 53 does support record sets. Take a look at bellow of value field, you will see a note "IPv4 address. Enter multiple addresses on separate lines.". However lexicon doesn't do it the same way.

[baochungit]

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#TXTFormat Could lexicon support this soon?