Feature Request
Description of Problem:
We have many certificates for many domains that should all redirect to our root domain, and our implementation is to attach n number of certificates with each up to 10 subject alternative domains to our load balancer. This means that 1 certificate can hold up to 5 different domains, which correspond to 5 different hosted zones, e.g. a certificate for example.com will include SANs for `*.example.com`, example.org and `*.example.org`.
This module allows for automatic DNS-based verification of the main domain, but only takes a single variable `zone_id`, which prevents the verification of any other domains in the SAN list. I also can't automate the verification easily outside of the module, because the data resource for the certificate (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/acm_certificate) doesn't export domain_validation_options the way the non-data resource does: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate#domain_validation_options
Potential Solutions:
Perhaps allow passing in a list of zone_ids and match them in the module when creating the validation records. Or find the zone_id relating to a SAN at runtime, when a boolean variable is set to true (var.find_zone).
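
A sketch of the first proposed solution, added here as an example and not taken from the module or from the issue author: each validated name is matched to its own hosted zone through a map. The variable name `zone_ids`, the resource names and the zone ID values are assumptions; the example also assumes each base domain is itself the apex of a hosted zone.

```hcl
# Added example, not the module's code. Zone IDs below are constructed placeholders.
variable "zone_ids" {
  description = "Validated domain (wildcard prefix stripped) => Route 53 hosted zone ID"
  type        = map(string)
  default = {
    "example.com" = "ZPLACEHOLDEREXAMPLECOM"
    "example.org" = "ZPLACEHOLDEREXAMPLEORG"
  }
}

resource "aws_acm_certificate" "this" {
  domain_name               = "example.com"
  subject_alternative_names = ["*.example.com", "example.org", "*.example.org"]
  validation_method         = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

locals {
  # ACM issues the same CNAME for a name and its wildcard, so group the
  # validation options by base domain and create one record per group.
  validation_by_domain = {
    for dvo in aws_acm_certificate.this.domain_validation_options :
    trimprefix(dvo.domain_name, "*.") => dvo...
  }
}

resource "aws_route53_record" "validation" {
  for_each = local.validation_by_domain

  # Fails at plan time if a domain has no entry in var.zone_ids, rather than
  # silently leaving that name unvalidated.
  zone_id = var.zone_ids[each.key]
  name    = each.value[0].resource_record_name
  type    = each.value[0].resource_record_type
  records = [each.value[0].resource_record_value]
  ttl     = 60
}

resource "aws_acm_certificate_validation" "this" {
  certificate_arn         = aws_acm_certificate.this.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}
```

Keeping the domain-to-zone mapping explicit means a validation record is only ever written to a zone the operator named for that domain.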