
Errors while attempting lego tool usage for creating wildcard SSL on AWS Lightsail DNS Zone #2018

Open
3 tasks done
EarthmanWeb opened this issue Sep 18, 2023 · 1 comment

Comments

@EarthmanWeb

EarthmanWeb commented Sep 18, 2023

Welcome

  • Yes, I'm using a binary release within 2 latest releases.
  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've included all information below (version, config, etc).

What did you expect to see?

When using instructions provided here:
https://go-acme.github.io/lego/dns/lightsail/

Expect to see acme challenge successful and certs created

What did you see instead?

When using instructions provided here:
https://go-acme.github.io/lego/dns/lightsail/

  1. When using the "minimum permissions required" according to the docs linked above, I get:
2023/09/18 20:02:44 [WARN] [*.mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: 36aee813-4d88-456a-91f7-742c81242390, AccessDeniedException:  
2023/09/18 20:02:44 [INFO] [mlmytix.com] acme: Cleaning DNS-01 challenge
2023/09/18 20:02:44 [WARN] [mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: f7183aac-2de7-4f81-97a9-e7c4c9161327, AccessDeniedException:  
2023/09/18 20:02:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265684310396 
2023/09/18 20:02:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265684310406 
2023/09/18 20:02:44 Could not obtain certificates:
        error: one or more domains had a problem:
[*.mlmytix.com] [*.mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: b1a6828f-f0c5-4ad7-9ff9-275dc46e8c18, AccessDeniedException: 
[mlmytix.com] [mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 79081201-e833-4995-aed5-1761be95560b, AccessDeniedException: 
  2. When using full permissions, I get the error:
2023/09/18 22:06:56 [WARN] [*.mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: eb5f8321-b61f-4859-8cbb-59f554af3b6f, api error MissingParams: These parameters are required: domainName 
2023/09/18 22:06:56 [INFO] [mlmytix.com] acme: Cleaning DNS-01 challenge
2023/09/18 22:06:56 [WARN] [mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: 4a235f59-742e-4a9d-ab4d-c3f8c1d2813e, api error MissingParams: These parameters are required: domainName 
2023/09/18 22:06:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265709851976
2023/09/18 22:06:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265709851986
2023/09/18 22:06:56 Could not obtain certificates:
        error: one or more domains had a problem:
[*.mlmytix.com] [*.mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 28142e68-e117-4eaa-b4e5-bac615f240a7, AccessDeniedException: 
[mlmytix.com] [mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 5e93c8ab-7852-458c-9392-33a411b3f5ad, api error MissingParams: These parameters are required: domainName

Here is the command line I am using:

sudo /opt/bitnami/letsencrypt/lego --email="[email protected]"  --domains="mydomain.com" --domains="*.mydomain.com" --dns lightsail --path="/opt/bitnami/letsencrypt" run

How do you use lego?

Through Bitnami

Reproduction steps

  1. Setup IAM user with minimum permissions noted on docs page:
    https://go-acme.github.io/lego/dns/lightsail/

OR

  1. Setup IAM user with full permissions to all Lightsail resources
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": "lightsail:*",
			"Resource": "*"
		}
	]
}
  2. ssh into Bitnami container

  3. sudo /opt/bitnami/letsencrypt/lego --email="[email protected]"  --domains="mydomain.com" --domains="*.mydomain.com" --dns lightsail --path="/opt/bitnami/letsencrypt" run
    

https://go-acme.github.io/lego/dns/lightsail/

Version of lego

sudo /opt/bitnami/letsencrypt/lego --version
lego version 4.14.0 linux/amd64

Logs

2023/09/18 20:02:44 [WARN] [*.mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: 36aee813-4d88-456a-91f7-742c81242390, AccessDeniedException:  
2023/09/18 20:02:44 [INFO] [mlmytix.com] acme: Cleaning DNS-01 challenge
2023/09/18 20:02:44 [WARN] [mlmytix.com] acme: cleaning up failed: lightsail: operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: f7183aac-2de7-4f81-97a9-e7c4c9161327, AccessDeniedException:  
2023/09/18 20:02:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265684310396 
2023/09/18 20:02:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265684310406 
2023/09/18 20:02:44 Could not obtain certificates:
        error: one or more domains had a problem:
[*.mlmytix.com] [*.mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: b1a6828f-f0c5-4ad7-9ff9-275dc46e8c18, AccessDeniedException: 
[mlmytix.com] [mlmytix.com] acme: error presenting token: lightsail: operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 79081201-e833-4995-aed5-1761be95560b, AccessDeniedException: 

Go environment (if applicable)

n/a

@ldez
Member

ldez commented Sep 18, 2023

Hello,

Have you defined the env var DNS_ZONE as defined in the documentation: https://go-acme.github.io/lego/dns/lightsail/#credentials
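An added example, not part of this issue thread and not code from the lego project: a POSIX sh pre-flight wrapper that refuses to run lego's lightsail provider until DNS_ZONE is set and every requested domain actually falls inside that zone, and that emits an IAM policy limited to the two Lightsail actions the logs above show lego calling (CreateDomainEntry and DeleteDomainEntry). The Bitnami binary path and email are placeholders taken from the reporter's command; the zone ARN passed to the policy function is an assumption you must replace with your own.

```shell
#!/bin/sh
# Added example (not lego's code). lego's lightsail provider needs DNS_ZONE to
# name the Lightsail DNS zone it edits; the logs in this issue show that with
# full permissions the API still rejects the call with "MissingParams:
# domainName", which is what an unset DNS_ZONE looks like from the outside.

# lightsail_preflight ZONE DOMAIN [DOMAIN...]
# Returns 0 when ZONE is non-empty and each DOMAIN is ZONE itself or a name
# under it (a "*.ZONE" wildcard is validated via a TXT record under ZONE).
lightsail_preflight() {
  zone="$1"
  shift
  zone="${zone%.}"                       # tolerate a trailing dot
  if [ -z "$zone" ]; then
    echo "preflight: DNS_ZONE is empty; lego cannot tell Lightsail which zone to edit" >&2
    return 1
  fi
  if [ "$#" -eq 0 ]; then
    echo "preflight: no --domains given" >&2
    return 1
  fi
  for d in "$@"; do
    name="${d#\*.}"                      # "*.example.com" -> "example.com"
    name="${name%.}"
    case "$name" in
      "$zone" | *."$zone") ;;            # the zone apex or anything below it
      *) echo "preflight: $d is not inside zone $zone" >&2; return 1 ;;
    esac
  done
  return 0
}

# least_privilege_policy [RESOURCE_ARN]
# Prints an IAM policy allowing only the two actions seen in the logs.
# RESOURCE_ARN is an assumption: pass the ARN of your Lightsail DNS zone
# (visible in `aws lightsail get-domain --domain-name ZONE`); it defaults to "*".
least_privilege_policy() {
  resource="${1:-*}"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lightsail:CreateDomainEntry",
        "lightsail:DeleteDomainEntry"
      ],
      "Resource": "$resource"
    }
  ]
}
EOF
}

# run_lego_lightsail ZONE DOMAIN [DOMAIN...]
# Runs the reporter's command with DNS_ZONE exported, after the pre-flight
# check. Paths and email are placeholders from the issue, not real values.
run_lego_lightsail() {
  zone="$1"
  shift
  lightsail_preflight "$zone" "$@" || return 1
  domain_args=""
  for d in "$@"; do
    domain_args="$domain_args --domains=$d"
  done
  set -f                                 # keep "*.example.com" from globbing
  # shellcheck disable=SC2086  # word-splitting of $domain_args is intended
  DNS_ZONE="$zone" /opt/bitnami/letsencrypt/lego \
    --email="admin@$zone" $domain_args --dns lightsail \
    --path=/opt/bitnami/letsencrypt run
  rc=$?
  set +f
  return "$rc"
}
```

Usage: `run_lego_lightsail mydomain.com mydomain.com '*.mydomain.com'` with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY already exported; `least_privilege_policy "arn:aws:lightsail:us-east-1:123456789012:Domain/<id>" > policy.json` gives the minimal policy to attach instead of `lightsail:*`. An AccessDeniedException with that policy then points at the Resource ARN rather than at the action list.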
