Acme_certificate resource Error: no matching Route53Zone found - With selected zone_id or hard-coded zone_id

Terraform version: Terraform v0.13.0
Operating System: Ubuntu 18.04.4 LTS

Issue
The entire terraform plan seems to execute fine until the very end of the run, I receive the following error:

Error: no matching Route53Zone found

The ACME certificates & registration url (in the format https://acme-v02.api.letsencrypt.org/acme/cert/<cert_id) are output (so I’m assuming the TXT challenge completed?) in the tfstate under the module instances for create-cert-dns module (outlined below).
Code
I am trying to use the “acme_certificate” resource in conjunction with Route53 dns provider to generate certificates. The calling parent module calls the child acme module as follows:

variable "domain-mappings" {
  type = list
  default = [
    "fake.domain.com",
    ]
}
provider "aws" {}
provider "acme" {
  server_url = lookup(var.acme_server_urls, var.acme_server_type)
}

module "create_certs" {
  source = "./modules/letsencrypt/create-cert-dns"
  domain = var.domain-mappings[count.index]
  count = var.amount
  subject_alternative_names = {
    "${var.domain-mappings[count.index]}" = ["*.${var.domain-mappings[count.index]}"]
  }

#tld based email
  reg_email = "admin@${join(".",tolist([reverse(split(".",var.domain-mappings[count.index]))[1],reverse(split(".",var.domain-mappings[count.index]))[0]]))}"
  dns_provider = "route53"
}

The first create-cert-dns module is as follows, which attempts to select the zone_id programmatically:

terraform { required_version = ">= 0.13.0" }

# Create the private key for the registration (not the certificate)
resource "tls_private_key" "private_key" {
  count = var.amount
  algorithm = "RSA"
  rsa_bits = var.key_type
}

# Set up a registration using a private key from tls_private_key
resource "acme_registration" "reg" {
  count = var.amount
  account_key_pem = element(tls_private_key.private_key[*].private_key_pem,count.index)
  email_address   = var.reg_email
}

data "aws_region" "current" {}

data "aws_route53_zone" "selected" {
  #tld
  name = join(".",tolist([reverse(split(".",var.domain))[1],reverse(split(".",var.domain))[0]]))
}

# Create a certificate
resource "acme_certificate" "certificate" {
  count                     = var.amount
  account_key_pem           = element(acme_registration.reg[*].account_key_pem, count.index)
  common_name               = var.domain
  subject_alternative_names = var.subject_alternative_names[var.domain]

  dns_challenge {
    provider = var.dns_provider
    config ={ AWS_HOSTED_ZONE_ID = data.aws_route53_zone.selected.zone_id }
  }

  provisioner "local-exec" {
        command = "echo \"${self.private_key_pem}\" > ./data/certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > ./data/certificates/${self.common_name}_cert.pem"
  }

  provisioner "local-exec" {
    when = destroy
    command = "rm ./data/certificates/${self.common_name}*"
  }
}

The second attempt to make the create-cert-dns module work, with a hard-coded zone_id is as follows:

terraform { required_version = ">= 0.13.0" }

# Create the private key for the registration (not the certificate)
resource "tls_private_key" "private_key" {
  count = var.amount
  algorithm = "RSA"
  rsa_bits = var.key_type
}

# Set up a registration using a private key from tls_private_key
resource "acme_registration" "reg" {
  count = var.amount
  account_key_pem = element(tls_private_key.private_key[*].private_key_pem,count.index)
  email_address   = var.reg_email
}

data "aws_region" "current" {}

data "aws_route53_zone" "selected" {
  name = join(".",tolist([reverse(split(".",var.domain))[1],reverse(split(".",var.domain))[0]]))
}

variable "zone_id"{
  type = string
  default = "<REDACTED>"
}

# Create a certificate
resource "acme_certificate" "certificate" {
  count                     = var.amount
  account_key_pem           = element(acme_registration.reg[*].account_key_pem, count.index)
  common_name               = var.domain
  subject_alternative_names = var.subject_alternative_names[var.domain]

  dns_challenge {
    provider = var.dns_provider
    config ={ AWS_HOSTED_ZONE_ID = var.zone_id }
  }

  provisioner "local-exec" {
        command = "echo \"${self.private_key_pem}\" > ./data/certificates/${self.common_name}_privkey.pem && echo \"${self.certificate_pem}\" > ./data/certificates/${self.common_name}_cert.pem"
  }

  provisioner "local-exec" {
    when = destroy
    command = "rm ./data/certificates/${self.common_name}*"
  }
}

Closing Thoughts

How can I get rid of this error?

Thank you kindly for your time!

My apologies, I resolved my own issue. The issue was that the error did not specify which module it was coming from, and I had another module in the parent which was calling a programmatic zone_id with the wrong domain. Is there an option to make the error output more verbose? Otherwise, this can be resolved. Thanks for looking!