I’m trying to request a certificate for a domain and its wildcard subdomains (i.e. subdomain.example.com and *.subdomain.example.com).
I’m using certbot-auto with DNS verification. I use --manual-auth-hook to call my DNS update script. The DNS update script talks to AWS Route53 to add the TXT record based on the CERTBOT_DOMAIN environment variable. For some reason, it seems certbot-auto sets CERTBOT_DOMAIN to “subdomain.example.com” for both domains. I was expecting them to be “subdomain.example.com” and “*.subdomain.example.com” respectively, but am getting “subdomain.example.com” for both.
Is certbot-auto behaving correctly?
AWS doesn’t seem to allow me to create multiple TXT records for the same domain. It will either error out if I try to create the two TXT records for the same domain, or overwrite the first one if I use UPSERT (update or insert) instead. Either way, DNS verification fails.
Is this a limitation of AWS Route53 or is there something wrong with my DNS update script?
Thanks in advance.
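For the scenario in this post, here is an added example (not the poster's script) of a merge-aware Route53 auth hook: both the base name and the wildcard are validated at the same TXT owner name, `_acme-challenge.subdomain.example.com`, and a Route53 record set can hold several values, so the hook reads whatever values already exist and UPSERTs the full list instead of creating a second record set or overwriting the first. `ROUTE53_ZONE_ID` is an assumed operator-supplied variable; `boto3` is assumed to be installed where the hook runs.

```python
"""Route53 auth hook for certbot --manual-auth-hook (added example).

Both subdomain.example.com and *.subdomain.example.com are validated at the
same TXT name, so each run must keep the values already present and UPSERT
the merged list; a CREATE of a second set is rejected and a plain UPSERT of
only the new value would drop the first one.
"""
import os


def challenge_name(certbot_domain: str) -> str:
    """Map CERTBOT_DOMAIN to the TXT owner name (a leading '*.' is dropped)."""
    domain = certbot_domain[2:] if certbot_domain.startswith("*.") else certbot_domain
    return f"_acme-challenge.{domain}."


def build_change_batch(name: str, existing: list, new_value: str, ttl: int = 60) -> dict:
    """Return a ChangeBatch that UPSERTs one TXT record set holding every
    existing value plus the new one (deduplicated, order preserved)."""
    quoted = f'"{new_value}"'          # Route53 stores TXT values quoted
    values = list(existing)
    if quoted not in values:
        values.append(quoted)
    rrset = {"Name": name, "Type": "TXT", "TTL": ttl,
             "ResourceRecords": [{"Value": v} for v in values]}
    return {"Comment": "certbot dns-01 challenge",
            "Changes": [{"Action": "UPSERT", "ResourceRecordSet": rrset}]}


def existing_txt_values(client, zone_id: str, name: str) -> list:
    """Read the TXT values currently at name; empty list if no record set."""
    resp = client.list_resource_record_sets(HostedZoneId=zone_id, StartRecordName=name,
                                            StartRecordType="TXT", MaxItems="1")
    for rrset in resp.get("ResourceRecordSets", []):
        if rrset["Name"] == name and rrset["Type"] == "TXT":
            return [rr["Value"] for rr in rrset["ResourceRecords"]]
    return []


def main() -> None:
    import boto3  # assumed available on the host running the hook
    zone_id = os.environ["ROUTE53_ZONE_ID"]  # assumed: set by the operator
    name = challenge_name(os.environ["CERTBOT_DOMAIN"])
    client = boto3.client("route53")
    batch = build_change_batch(name, existing_txt_values(client, zone_id, name),
                               os.environ["CERTBOT_VALIDATION"])
    client.change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch=batch)


if __name__ == "__main__":
    main()
```

certbot runs the hook once per name in sequence, so the second run sees the first value and the final record set carries both challenge tokens; a matching cleanup hook should remove only its own value the same way.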