We are evaluating Certify the Web on several dev machines in AWS. One particular machine suddenly failed to renew its certificate a while back. While investigating the issue we found that we’re receiving the following error:
“[ERR] DNS update failed: Amazon Route 53 DNS API :: DNS Zone match could not be determined.”
Attempting to test the renewal fails with the same error. Attempting to test the credentials in use did not generate an error, but also did not indicate success. We have verified that all servers are using the same IAM user with the same Access Key ID and same Secret Access Key, and all servers are in the same security groups with the same access to the internet. Testing renewal and credentials on other servers works as expected.
We removed the software from the machine completely, including removing the Certify folder from C:\ProgramData and purging all mentions of Certify the Web from the registry. We then rebooted the machine and reinstalled the software. Upon configuration we get exactly the same error. The only difference is that now when we try to test the credentials in use we receive the response “Test completed, but no zones returned.” Clicking the ellipsis does not update the (Select Zone) list. I manually entered the DNS Zone ID with the information from one of the working servers (and confirmed it was identical to the Zone ID that had been previously configured on the broken server).
Searching the web for either of the errors mentioned previously has so far been unfruitful. Anybody have any ideas?