Closed ryudice closed 6 years ago
Hey @ryudice - sorry, must have missed this one!
Unfortunately, private hosted zones won't work - since they are not available in public DNS, Let's Encrypt won't be able to see it, so even if you can (although it seems like the machine running TF can't see the zone either), LE won't be able to validate the CN/SANs you are applying for.
In theory, you might be able to get this to work by hosting your own private ACME CA, pointing TF against that, and running the apply on a machine that can actually see the zone, but YMMV and I've never personally tested the plugin against such a setup. Further to that, you would need to install the CA certificates on every endpoint that needs to trust it, which may not be what you are looking for.
Hope that helps!
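The point made above (a public CA validates DNS-01 over public DNS, so a Route 53 zone that is private can never satisfy the challenge) can be checked before running an apply. The following is an added example, not the plugin's or lego's code: it walks the requested name's parent domains from most to least specific, matches them against the hosted zones the AWS credentials can list, and skips private zones. The zone listing is constructed inline and its shape only loosely follows what `boto3`'s `list_hosted_zones` returns; the zone IDs and the `preflight` report format are assumptions.

```python
"""Pre-flight check for DNS-01 issuance against Route 53.

Constructed example (not the provider's own code): given the FQDN being
requested and the hosted zones visible to the AWS credentials, find the
most specific *public* zone that could carry the _acme-challenge record.
Private zones are skipped because a public CA resolves the challenge over
public DNS and cannot see them.
"""

# Constructed sample of a Route 53 hosted-zone listing. The shape loosely
# follows boto3's list_hosted_zones output; the IDs are made up.
SAMPLE_ZONES = [
    {"Id": "/hostedzone/ZPRIVATEEXAMPLE", "Name": "mycompany.com.",
     "Config": {"PrivateZone": True}},
    {"Id": "/hostedzone/ZPUBLICEXAMPLE", "Name": "example.net.",
     "Config": {"PrivateZone": False}},
]


def candidate_zone_names(fqdn):
    """Yield parent domains from most to least specific, with trailing dot.

    'a.b.example.com' -> 'a.b.example.com.', 'b.example.com.', 'example.com.', 'com.'
    """
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


def find_public_zone(fqdn, zones):
    """Return (zone_id, zone_name) of the most specific public zone for fqdn.

    Returns None when only private zones (or no zones) match, which is the
    situation behind a "Failed to determine Route 53 hosted zone ID" error.
    """
    by_name = {}
    for z in zones:
        by_name.setdefault(z["Name"].lower(), []).append(z)
    for name in candidate_zone_names(fqdn.lower()):
        for z in by_name.get(name, []):
            if not z.get("Config", {}).get("PrivateZone", False):
                return z["Id"].rsplit("/", 1)[-1], name
    return None


def preflight(fqdn, zones):
    """Report whether DNS-01 issuance can proceed and, if not, why."""
    hit = find_public_zone(fqdn, zones)
    if hit:
        return {"ok": True, "zone_id": hit[0], "zone": hit[1]}
    candidates = set(candidate_zone_names(fqdn.lower()))
    private = [z["Name"] for z in zones
               if z.get("Config", {}).get("PrivateZone", False)
               and z["Name"].lower() in candidates]
    if private:
        return {"ok": False,
                "reason": "only private hosted zone(s) match; a public CA cannot resolve the challenge",
                "private_zones": private}
    return {"ok": False, "reason": "no hosted zone matches", "private_zones": []}


if __name__ == "__main__":
    for host in ("develop-env1.cj.uat.dev.mycompany.com", "www.example.net"):
        print(host, preflight(host, SAMPLE_ZONES))
```

Run stand-alone, the first name reports that only the private `mycompany.com.` zone matches, while `www.example.net` resolves to the public zone. In a real pre-flight you would feed `preflight` the live listing from your AWS credentials and, as a second step, confirm from a public resolver that the zone's NS records are actually delegated on the internet, since a public zone that is not delegated fails validation in the same way.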
Hey @ryudice, just FYI that it looks like lego exposed this recently, so I will probably pull in a full update of lego once the other PRs are reviewed and merged.
Will update when fixed.
Thanks!
I'm using a private hosted zone in Route 53 and I'm getting the following error even though the zone exists:
develop-env1.cj.uat.dev.mycompany.com: Error presenting token: Failed to determine Route 53 hosted zone ID: Zone mycompany.com
Is it possible to specify the ZoneID? Is it possible to use a private hosted zone?