go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License
7.91k stars 1.01k forks

DNSimple: zone domain.com. not found in DNSimple for domain sub2.sub1.domain.com #570

Open Nowaker opened 6 years ago

Nowaker commented 6 years ago
% lego -d sub2.sub1.domain.com -m SNIPPED -a --dns dnsimple run
2018/06/06 10:18:22 [INFO][sub2.sub1.domain.com] acme: Obtaining bundled SAN certificate
2018/06/06 10:18:23 [INFO][sub2.sub1.domain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/SNIPPED
2018/06/06 10:18:23 [INFO][sub2.sub1.domain.com] acme: Could not find solver for: http-01
2018/06/06 10:18:23 [INFO][sub2.sub1.domain.com] acme: Trying to solve DNS-01
2018/06/06 10:18:25 Could not obtain certificates
        acme: Error -> One or more domains had a problem:
[sub2.sub1.domain.com] Error presenting token: zone domain.com. not found in DNSimple for domain sub2.sub1.domain.com

What's in Dnsimple:

image

Why it's happening:

Currently, Lego is looking for a direct match (sub2.sub1.domain.com), then for one level below the public suffix (domain.com), then gives up.

Lego should look for a matching zone starting from the lowest level (sub2.sub1.domain.com) and try one level up until it finds a matching zone. In our case, it would be sub2.sub1.domain.com -> sub1.domain.com -> domain.com. (Skip com because it's a public suffix)

CCing the original author of Dnsimple support in Lego: @weppos :)
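The two lookup strategies the issue contrasts, as an added Go example that is not lego's own code: findZoneCurrent models the exact-name-then-registrable-domain lookup described above, findZoneWalkUp the proposed walk-up that stops at the public suffix. The public-suffix set and the zone lists are constructed stand-ins for the Public Suffix List and a provider's hosted-zone list.

```go
package main

import (
	"fmt"
	"strings"
)

// publicSuffixes is a constructed stand-in for the Public Suffix List (a real
// client would consult the full list); zone lookups never climb into these.
var publicSuffixes = map[string]bool{"com": true, "co.uk": true}

// ancestors lists the domain and each parent up to, but excluding, the public
// suffix: sub2.sub1.domain.com -> [sub2.sub1.domain.com sub1.domain.com domain.com].
func ancestors(domain string) []string {
	labels := strings.Split(strings.TrimSuffix(strings.ToLower(domain), "."), ".")
	var out []string
	for i := range labels {
		name := strings.Join(labels[i:], ".")
		if publicSuffixes[name] {
			break
		}
		out = append(out, name)
	}
	return out
}

// lookup returns the first candidate in zones (a stand-in for the provider's hosted-zone list).
func lookup(candidates []string, zones map[string]bool, domain string) (string, error) {
	for _, c := range candidates {
		if zones[c] {
			return c, nil
		}
	}
	return "", fmt.Errorf("zone not found for domain %s", domain)
}

// findZoneCurrent models the lookup the issue describes: the exact name, then
// only the registrable domain (the last ancestor), then give up.
func findZoneCurrent(domain string, zones map[string]bool) (string, error) {
	a := ancestors(domain)
	if len(a) > 1 {
		a = []string{a[0], a[len(a)-1]}
	}
	return lookup(a, zones, domain)
}

// findZoneWalkUp is the proposed fix: try every ancestor, nearest first.
func findZoneWalkUp(domain string, zones map[string]bool) (string, error) {
	return lookup(ancestors(domain), zones, domain)
}
```

With only sub1.domain.com hosted, findZoneCurrent fails exactly as in the log above while findZoneWalkUp returns sub1.domain.com; a zone that is itself a public suffix is never matched.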

jaen commented 6 years ago

I don't have enough DNS-fu to say so conclusively, but I am experiencing a similar issue with the CloudFlare provider (first encountered with Traefik, but reproduces using the CLI), so the issue might be more systemic than just a single provider. Hopefully it's not too hard to fix?