I’m trying to migrate to Caddy v2 and trying to get the Route53 DNS challenge working.
There are four pieces (caddy2/lego/acme/aws) to this puzzle, so I’m asking around to see if I can get some help.
The error I am getting is:
[git238.kebler.net] [git238.kebler.net] acme: error presenting token: route53: failed to determine hosted zone ID: zone net. not found for domain _acme-challenge.git238.kebler.net. (challenge=dns-01 remaining=[])
Although according to the docs that is not necessary, as it’s supposed to find it based on the FQDN and a policy which allows that.
That got me the same "no zone" error but with a slightly different reason: No credential providers. Maybe that reason is more illuminating.
[git238.kebler.net] [git238.kebler.net] acme: error presenting token: route53: failed to determine hosted zone ID: NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors
I don’t know how to enable the more verbose messaging (from caddy) or I would.
Well, with so many moving pieces it was easy to lay blame. Turns out none were to blame (except, sheepishly, me).
In my case it turned out that I had bad DNS forwarding out of my network for my FQDN (using dnsmasq). This probably explains why it could not get/confirm the zone ID.
Once fixed, all was good. It does take some time to get the cert, but it does, and it works as expected even for subdomains with no public DNS record, which was the whole point of using the DNS challenge instead of the automatic Caddy cert grabber.
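As an added illustration (not code from the thread, Caddy, lego, or the Route53 plugin), here is a small offline model of the two steps behind the quoted error: a DNS-01 client first walks up the labels of the challenge name asking for an SOA record to find the zone apex, then asks Route53 for a hosted zone with that name. The resolver tables, the name-server name and the hosted zone ID are constructed for the example, and the label walk approximates the SOA-based search lego does rather than reproducing its code. It shows how a local resolver that answers the domain itself, without forwarding, makes the apex search skip past `kebler.net.` and land on `net.`, which is exactly the zone name in the first error message.

```python
"""Added example (not code from the original thread, Caddy, or lego): a
model of how a DNS-01 client decides which zone a challenge record belongs
to, and why a resolver that answers the local domain itself can make that
decision land on "net." instead of "kebler.net.".

The resolver tables, the name-server name and the hosted zone ID below are
constructed for illustration; the label walk is modelled on the SOA-based
apex search lego performs (an approximation, not lego's actual code)."""

from typing import Callable, Dict, Optional

# A resolver maps a fully qualified name (trailing dot) to the SOA MNAME
# for that name, or None when the query returns no SOA in the answer.
Resolver = Callable[[str], Optional[str]]


def make_resolver(soa_table: Dict[str, str]) -> Resolver:
    """Build an offline stand-in for a DNS resolver from a constructed table."""
    return lambda name: soa_table.get(name)


def find_zone_apex(fqdn: str, resolve_soa: Resolver) -> str:
    """Strip leading labels until some name returns an SOA record.

    The first name that does is taken as the zone apex, which the Route53
    step then tries to match against the account's hosted zones.
    """
    name = fqdn if fqdn.endswith(".") else fqdn + "."
    labels = [label for label in name.split(".") if label]
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if resolve_soa(candidate) is not None:
            return candidate
    raise LookupError(f"no SOA found for any parent of {name}")


def find_hosted_zone_id(apex: str, fqdn: str, hosted_zones: Dict[str, str]) -> str:
    """Match the apex against hosted zone names (a stand-in for the
    ListHostedZonesByName call) and fail with the same wording as the
    error quoted in the thread when nothing matches."""
    zone_id = hosted_zones.get(apex)
    if zone_id is None:
        raise LookupError(f"zone {apex} not found for domain {fqdn}")
    return zone_id


def zone_lookup_error(fqdn: str, resolve_soa: Resolver,
                      hosted_zones: Dict[str, str]) -> Optional[str]:
    """Run both steps and return the error text a client would surface,
    or None when the hosted zone was resolved successfully."""
    try:
        apex = find_zone_apex(fqdn, resolve_soa)
        find_hosted_zone_id(apex, fqdn, hosted_zones)
    except LookupError as exc:
        return str(exc)
    return None


CHALLENGE_NAME = "_acme-challenge.git238.kebler.net."

# Constructed: what a correctly forwarding resolver answers. The Route53
# name-server name is a placeholder, not a real record.
HEALTHY_SOA = {
    "net.": "a.gtld-servers.net.",
    "kebler.net.": "ns-0000.awsdns-00.example.",
}

# Constructed: a dnsmasq configured to treat kebler.net as a local domain
# answers kebler.net and everything below it itself (no SOA, nothing
# forwarded), but still forwards the query for "net." upstream.
BROKEN_SOA = {
    "net.": "a.gtld-servers.net.",
}

# Constructed: the account's hosted zones; the ID is hypothetical.
HOSTED_ZONES = {"kebler.net.": "Z0123456789EXAMPLE"}


if __name__ == "__main__":
    for scenario, table in (("healthy", HEALTHY_SOA), ("broken", BROKEN_SOA)):
        resolver = make_resolver(table)
        apex = find_zone_apex(CHALLENGE_NAME, resolver)
        err = zone_lookup_error(CHALLENGE_NAME, resolver, HOSTED_ZONES)
        print(f"{scenario}: apex={apex} error={err}")
    # To check a real host the same way, compare the SOA chain seen through
    # the local resolver with the one a public resolver returns, e.g.
    #   dig +noall +answer SOA kebler.net @127.0.0.1
    #   dig +noall +answer SOA kebler.net @1.1.1.1
```

The practical check this suggests is to query SOA for the domain through the resolver Caddy actually uses and through a public one; if the local answer is empty while the public one returns the Route53 name servers, the forwarding configuration, not the plugin or the IAM policy, is what needs fixing. The second error in the thread (NoCredentialProviders) comes from a different step, the AWS SDK's credential chain, and is not modelled here.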