Amazon Route 53 DNS API :: DNS Zone match could not be determined

Hi this is Jay and I’m trying to set up SSL certificate using DNS.
I picked Amazon Route 53 DNS API as DNS update Method and was able to create credentials with AWS Key ID and secret access key and was able to test it good under Stored Credentials.
Also, DNS Zone ID show up from drop down menu which means it has correct info.
But it keeps giving me an error saying Amazon Route 53 DNS API :: DNS Zone match could not be determined.
Anyone knows or has experienced this kind of issue?

Thank you

Hi Jay,

So you’ve selected your zone form the dropdown and there is now a Zone ID populated in the ZoneID text entry field? Your settings should look something like:

The key you are using also need to be assigned all of the correct permissions:

Thank you for getting back to me. Yes my settings as just like the one you posted.
Also all the permission has been updated.
After the permission has been updated I am now getting

Amazon Route 53 DNS API :: Dns Record Create/Update: - [RRSet with DNS name is not permitted in zone **]

This is because it’s not following the CNAME so it’s not updating the correct DNS entry.
I’m not familiar with posh acme but I heard this is another way.
Any suggestions? Thank you in advance

Our Route 53 provider is not using Posh-ACME, so there is no relationship to their instructions in this case.

Our provider does not support aliased records for acme challenges and is explicitly expecting to be updating the specified record in the correct zone.