From 2280e66d7366d51a937ebaf2fe126c759c721395 Mon Sep 17 00:00:00 2001
From: Manuel Sanchez Pinar <aomanu@gmail.com>
Date: Thu, 12 May 2022 10:51:15 +0200
Subject: [PATCH] dns_aws: Fix when _acme-challenge is a hostedzone

    The function '_get_root' tries to retrieve the
    hostedzone iterating the domains, eg:
      1. srv.prod.example.com
      2. prod.example.com
      3. example.com
    This doesn't work if '_acme-challenge' is in it's
    own hostedzone for security reasons.
    Starting that iteration with '_acme-challenge.srv.prod.example.com'
    fixes this issue.
---
 dnsapi/dns_aws.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh
index 14a4594d..78008f5b 100755
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -151,8 +151,8 @@ dns_aws_rm() {
 ####################  Private functions below ##################################
 
 _get_root() {
-  domain=$1
-  i=2
+  domain=_acme-challenge.$1
+  i=1
   p=1
 
   if aws_rest GET "2013-04-01/hostedzone"; then