Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: fbe.storganisehost.co.uk
I ran this command:sudo certbot certonly --dns-route53 --dns-route53-propagation-seconds 30 -d fbe.storganisehost.co.uk
It produced this output:An error occurred (AccessDenied) when calling the ListHostedZones operation: User: arn:aws:sts::492283802954:assumed-role/AmazonLightsailInstanceRole/i-0c8b8321276ea9aea is not authorized to perform: route53:ListHostedZones
My web server is (include version):Lightsail
The operating system my web server runs on is (include version):CentOS7
My hosting provider, if applicable, is:AWS
I can login to a root shell on my machine (yes or no, or I don't know):no
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):certbot 1.14.0
My issue here is that an assumed role seems to be created each time, which does not have the correct credentials. I have put the Access & secret key into the ~/.aws/config file as instructed. Not sure why it is not using the AWS role assigned andissuing an Assumed Role. I have trawled the forums to see if there is a similar issue, but nothing seems to help.