go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

Errors while attempting lego tool usage for creating wildcard SSL on AWS Lightsail DNS Zone #2018

Open EarthmanWeb opened 10 months ago

EarthmanWeb commented 10 months ago


What did you expect to see?

When using instructions provided here: https://go-acme.github.io/lego/dns/lightsail/

Expect to see acme challenge successful and certs created

What did you see instead?

When using instructions provided here: https://go-acme.github.io/lego/dns/lightsail/

1. When using the "minimum permissions required" according to the docs linked above, I get:

```
2023/09/18 20:02:44 [WARN] [*.mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: 36aee813-4d88-456a-91f7-742c81242390, AccessDeniedException:
2023/09/18 20:02:44 [INFO] [mlmytix.com] acme: Cleaning DNS-01 challenge
2023/09/18 20:02:44 [WARN] [mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: f7183aac-2de7-4f81-97a9-e7c4c9161327, AccessDeniedException:
2023/09/18 20:02:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265684310396
2023/09/18 20:02:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265684310406
2023/09/18 20:02:44 Could not obtain certificates:
        error: one or more domains had a problem:
[*.mlmytix.com] [*.mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: b1a6828f-f0c5-4ad7-9ff9-275dc46e8c18, AccessDeniedException:
[mlmytix.com] [mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 79081201-e833-4995-aed5-1761be95560b, AccessDeniedException:
```

2. When using full permissions, I get the error:

```
2023/09/18 22:06:56 [WARN] [*.mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: eb5f8321-b61f-4859-8cbb-59f554af3b6f, api error MissingParams: These parameters are required: domainName
2023/09/18 22:06:56 [INFO] [mlmytix.com] acme: Cleaning DNS-01 challenge
2023/09/18 22:06:56 [WARN] [mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: 4a235f59-742e-4a9d-ab4d-c3f8c1d2813e, api error MissingParams: These parameters are required: domainName
2023/09/18 22:06:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265709851976
2023/09/18 22:06:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265709851986
2023/09/18 22:06:56 Could not obtain certificates:
        error: one or more domains had a problem:
[*.mlmytix.com] [*.mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 28142e68-e117-4eaa-b4e5-bac615f240a7, AccessDeniedException:
[mlmytix.com] [mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 5e93c8ab-7852-458c-9392-33a411b3f5ad, api error MissingParams: These parameters are required: domainName
```

Here is the command line I am using:

sudo /opt/bitnami/letsencrypt/lego --email="mlmytix@earthman.ca"  --domains="mydomain.com" --domains="*.mydomain.com" --dns lightsail --path="/opt/bitnami/letsencrypt" run

How do you use lego?

Through Bitnami

Reproduction steps

  1. Setup IAM user with minimum permissions noted on docs page: https://go-acme.github.io/lego/dns/lightsail/

OR

  1. Setup IAM user with full permissions to all Lightsail resources

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "lightsail:*",
            "Resource": "*"
        }
    ]
}
```
  2. ssh into Bitnami container

  3. sudo /opt/bitnami/letsencrypt/lego --email="mlmytix@earthman.ca"  --domains="mydomain.com" --domains="*.mydomain.com" --dns lightsail --path="/opt/bitnami/letsencrypt" run

    https://go-acme.github.io/lego/dns/lightsail/

Version of lego

sudo /opt/bitnami/letsencrypt/lego --version
lego version 4.14.0 linux/amd64

Logs

```
2023/09/18 20:02:44 [WARN] [*.mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: 36aee813-4d88-456a-91f7-742c81242390, AccessDeniedException:
2023/09/18 20:02:44 [INFO] [mlmytix.com] acme: Cleaning DNS-01 challenge
2023/09/18 20:02:44 [WARN] [mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: f7183aac-2de7-4f81-97a9-e7c4c9161327, AccessDeniedException:
2023/09/18 20:02:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265684310396
2023/09/18 20:02:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265684310406
2023/09/18 20:02:44 Could not obtain certificates:
        error: one or more domains had a problem:
[*.mlmytix.com] [*.mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: b1a6828f-f0c5-4ad7-9ff9-275dc46e8c18, AccessDeniedException:
[mlmytix.com] [mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 79081201-e833-4995-aed5-1761be95560b, AccessDeniedException:
```

Go environment (if applicable)

n/a

ldez commented 10 months ago

Hello,

Have you defined the env var DNS_ZONE as defined in the documentation: https://go-acme.github.io/lego/dns/lightsail/#credentials
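The `MissingParams: These parameters are required: domainName` error in the full-permissions run is what you would expect if the lightsail provider is given an empty zone name, which is consistent with the maintainer's question about DNS_ZONE. A second thing worth checking in the command line above is `sudo`: with its default `env_reset`, sudo drops variables such as DNS_ZONE, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY that were exported in the calling shell, so lego would run without them even if they were set. The following POSIX shell wrapper is an added example, not part of this thread or of lego's own code: it checks that those three variables are present and that every requested domain (including a `*.` wildcard) lies inside DNS_ZONE before building the lego command, and it passes the variables through sudo with `--preserve-env=` (available in sudo 1.8.21 and later). The variable names are assumed from the lightsail docs page and the AWS SDK defaults; `lego_preflight` and `lego_cmd` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not lego's code): preflight checks for the lightsail DNS-01 provider.
# Assumes lego reads DNS_ZONE (per the lightsail docs) and AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY (AWS SDK defaults) from the environment.

# domain_in_zone DOMAIN ZONE: return 0 if DOMAIN (optionally "*.label...") is ZONE
# itself or a subdomain of ZONE. "notexample.com" is NOT inside "example.com".
domain_in_zone() {
  d=${1#\*.}                       # strip a leading wildcard label
  z=$2
  [ "$d" = "$z" ] && return 0
  case "$d" in
    *."$z") return 0 ;;
  esac
  return 1
}

# lego_preflight DOMAIN...: report every missing variable and every domain outside
# DNS_ZONE on stderr; return non-zero if anything is wrong.
lego_preflight() {
  rc=0
  if [ -z "${DNS_ZONE:-}" ]; then
    echo "DNS_ZONE is not set; the lightsail provider uses it as domainName" >&2
    rc=1
  fi
  for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      echo "$v is not set" >&2
      rc=1
    fi
  done
  for d in "$@"; do
    if [ -n "${DNS_ZONE:-}" ] && ! domain_in_zone "$d" "$DNS_ZONE"; then
      echo "$d is not inside DNS_ZONE=$DNS_ZONE" >&2
      rc=1
    fi
  done
  return $rc
}

# lego_cmd EMAIL DOMAIN...: print the lego command line (same flags as in the issue),
# run under sudo with the three variables preserved instead of reset.
lego_cmd() {
  email=$1
  shift
  cmd="sudo --preserve-env=DNS_ZONE,AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY /opt/bitnami/letsencrypt/lego --email=\"$email\" --dns lightsail --path=\"/opt/bitnami/letsencrypt\""
  for d in "$@"; do
    cmd="$cmd --domains=\"$d\""
  done
  printf '%s run\n' "$cmd"
}

# Only act when explicitly asked, so the file can also be sourced for its functions.
# Example: DNS_ZONE=example.com LEGO_PREFLIGHT_RUN=1 EMAIL=admin@example.com \
#          sh preflight.sh example.com '*.example.com'
if [ "${LEGO_PREFLIGHT_RUN:-0}" = 1 ]; then
  lego_preflight "$@" && eval "$(lego_cmd "$EMAIL" "$@")"
fi
```

If `--preserve-env=` is not available on the host, `sudo -E` preserves the whole environment (subject to the sudoers `setenv` policy); avoid `sudo env AWS_SECRET_ACCESS_KEY=... lego`, which exposes the secret in the process list.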