I am trying to generate an acme_certificate for a wildcard domain. I have written a Terraform script that issues certificates for all records under my DNS zones, but I get the error `DNS problem: NXDOMAIN looking up TXT`. Is there a way to have the DNS challenge validated automatically within the acme_certificate Terraform logic?
# Let's Encrypt production ACME v2 directory. Production rate limits apply,
# so while debugging challenge failures it is safer to point this at the
# staging directory (https://acme-staging-v02.api.letsencrypt.org/directory)
# and switch back once validation succeeds.
provider "acme" {
  server_url = "https://acme-v02.api.letsencrypt.org/directory"
}
# ACME account key. Note that the generated PEM is written in plaintext to
# Terraform state, so whatever backend holds the state must be access-controlled.
resource "tls_private_key" "private_key" {
  algorithm = "RSA" # rsa_bits not set, so the provider default applies
}
# Registers the account key above with the ACME server. The contact address
# receives expiry and policy notices from Let's Encrypt.
resource "acme_registration" "registration" {
  account_key_pem = tls_private_key.private_key.private_key_pem
  email_address   = "myemail@gmail.com" # TODO: replace with your own contact address
}
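# One certificate per entry in var.certs. Wildcard names can only be issued via
# the DNS-01 challenge, which the dns_challenge block below solves automatically:
# the provider creates the _acme-challenge TXT records through the OCI DNS API,
# asks the ACME server to validate, and removes them afterwards. No manual
# validation step is needed.
resource "acme_certificate" "certs" {
  for_each        = var.certs
  account_key_pem = acme_registration.registration.account_key_pem

  # Allow overriding the common name if set; otherwise the map key is the CN.
  common_name = lookup(each.value, "common_name", null) != null ? each.value.common_name : each.key

  # Each prefix is appended to the map key, so a "*" prefix becomes "*.<key>".
  subject_alternative_names = [for s in each.value.subject_alternative_names_prefixes : "${s}.${each.key}"]

  # Keep the propagation check enabled (this was "true" before). When it is
  # disabled the provider does not wait for the TXT record to be visible on the
  # zone's authoritative nameservers before asking the ACME server to validate,
  # so the ACME server can query before the record exists and report
  # "NXDOMAIN looking up TXT". If the local resolver caches stale answers,
  # the resource's recursive_nameservers argument can point the check at the
  # authoritative servers instead.
  disable_complete_propagation = false

  min_days_remaining = 45

  dns_challenge {
    provider = "oraclecloud"

    # Plain references are the Terraform 0.12+ idiom; wrapping a single
    # variable in "${...}" is redundant and produces a deprecation warning.
    # These values are stored in Terraform state along with the keys above.
    # If OCI DNS propagation is slow, lego's OCI_PROPAGATION_TIMEOUT and
    # OCI_POLLING_INTERVAL settings can be added to this map to extend the wait.
    config = {
      OCI_COMPARTMENT_OCID   = var.compartment_ocid
      OCI_TENANCY_OCID       = var.tenancy_ocid
      OCI_USER_OCID          = var.user_ocid
      OCI_REGION             = var.region
      OCI_PUBKEY_FINGERPRINT = var.fingerprint
      OCI_PRIVKEY_FILE       = var.private_key_path
    }
  }

  # The TXT record can only be written once the zone exists in OCI DNS.
  # The zone must also be delegated to OCI's nameservers at the registrar;
  # if it is not, the ACME server never sees the record and the same
  # NXDOMAIN error results regardless of the propagation setting.
  depends_on = [module.hosted_zones]
}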
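# Creates one OCI DNS zone (with its records) per entry in var.hosted_zones.
# The acme_certificate resource depends on this module so that the challenge
# TXT records have a zone to be written into.
module "hosted_zones" {
  source   = "./hosted_zones"
  for_each = var.hosted_zones

  zone    = each.key
  records = each.value

  # Plain reference instead of the redundant "${var.compartment_ocid}" form,
  # which Terraform 0.12+ flags as a deprecated interpolation-only expression.
  compartment_ocid = var.compartment_ocid
}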
Below are the contents of `config.vars`:
# With the acme_certificate definition above, this entry yields a certificate with
# CN devtest-oci.mydomain.com and SANs *.devtest-oci.mydomain.com,
# *.apps.devtest-oci.mydomain.com, *.sys.devtest-oci.mydomain.com and
# test.devtest-oci.mydomain.com (each prefix is joined to the key with a dot).
certs = {
  "devtest-oci.mydomain.com" = {
    subject_alternative_names_prefixes = [
      "*",
      "*.apps",
      "*.sys",
      "test",
    ]
  }
}

# Zone records handed to the hosted_zones module. The trailing dot on the
# wildcard keys ("*.apps.") versus none on "test" is presumably interpreted by
# the module when building record names — verify against ./hosted_zones.
hosted_zones = {
  "devtest-oci.mydomain.com" = {
    "*.apps." = {
      records = ["1.2.3.4"]
    }
    "*.sys." = {
      records = ["1.2.3.6"]
    }
    "test" = {
      records = ["1.2.3.7"]
    }
  }
}