wait_for_certificate_issued input not waiting until the certificate is issued

[tbpoetke]

Describe the Bug

First time applying my Terraform stack ends in:

Error: creating ELBv2 Listener (arn:aws:elasticloadbalancing:eu-central-1:128840427886:loadbalancer/app/XXX/9202ae7b846a2e1c): UnsupportedCertificate: The certificate 'arn:aws:acm:eu-central-1:128840427886:certificate/e7050367-4b27-4582-8157-3fa96710fccd' must have a fully-qualified domain name, a supported signature, and a supported key size.

after waiting some minutes the next apply show the change of the validation:

module.acm.module.acm_request_certificate.aws_acm_certificate.default[0] has changed
  ~ resource "aws_acm_certificate" "default" {
        id                        = "arn:aws:acm:eu-central-1:128840427886:certificate/e7050367-4b27-4582-8157-3fa96710fccd"
      ~ status                    = "PENDING_VALIDATION" -> "ISSUED"
      + tags                      = {}
        # (7 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

The next apply was sucessfully completed .

I have set wait_for_certificate_issued = true
it should not prevent this ?

[nitrocode]

@tbpoetke The input uses this resource aws_acm_certificate_validation and we are limited by the inputs of this resource.

terraform-aws-acm-request-certificate/main.tf

Lines 49 to 53 in 6cce676

	resource "aws_acm_certificate_validation" "default" {
	count = local.process_domain_validation_options && var.wait_for_certificate_issued ? 1 : 0
	certificate_arn = join("", aws_acm_certificate.default.*.arn)
	validation_record_fqdns = [for record in aws_route53_record.default : record.fqdn]
	}

We have considered using an outside sleep but it would be better to improve the above resource in the aws provider than to put in a custom sleep.