
multilevel domain name can't be used for ACME challenge #8

Closed
ArchiFleKs opened this issue Nov 29, 2021 · 3 comments
Labels
bug Something isn't working

Comments

@ArchiFleKs

ArchiFleKs commented Nov 29, 2021

Describe the bug

I have a zone in scaleway DNS with scw.mydomain.com

With external DNS, I can create a domain like test.subdomain.scw.mydomain.com; this works fine on Scaleway and AWS, and the record is used in Scaleway.

When using this webhook with cert-manager and the ACME DNS-01 challenge, it fails with "failed to update DNS zone records: scaleway-sdk-go: http error 403 Forbidden: domain not found" because this only parses the first ".". When using cert-manager with route53 there is no issue with a subdomain not declared as a "real" zone.

A workaround would be to actually create the zone, but it is not practical for me. Is there any way to check from the last ".", try to match a zone, and iterate like this, picking the last one found?

To Reproduce
Use a multi level domain name as a record

Expected behavior
ACME Challenge is created

Details (please complete the following information):

  • Scaleway Cert Manager Webhook version: 0.0.1
  • Platform: kapsule 1.22
  • Kubernetes version: Kapsule 1.22
@ArchiFleKs ArchiFleKs added the bug Something isn't working label Nov 29, 2021
@ArchiFleKs ArchiFleKs changed the title multilevel domain name can't be used multilevel domain name can't be used for ACME challenge Nov 29, 2021
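The zone-matching behaviour the reporter asks for, as an added Go example (this is not the webhook's own code): `firstDotZone` mirrors the naive "everything after the first dot" lookup described above, and `findZone` instead walks the suffixes of the record name from the longest down until one matches a zone the account manages, so a delegated sub-zone like scw.mydomain.com is found even for deeper names. The managed-zone set is constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNoZone is returned when no managed zone is a suffix of the record name.
var ErrNoZone = errors.New("no managed zone matches record name")

// firstDotZone illustrates the behaviour the reporter describes: the zone is
// taken to be everything after the first label. For a multi-level name this
// yields a name that is not a managed zone, hence the "domain not found".
func firstDotZone(fqdn string) string {
	name := strings.TrimSuffix(strings.ToLower(fqdn), ".")
	if i := strings.IndexByte(name, '.'); i >= 0 {
		return name[i+1:]
	}
	return ""
}

// findZone tries the longest suffix first and strips one leading label per
// step, so the first hit is the most specific managed zone. It returns the
// zone and the record name relative to it ("" means the zone apex).
func findZone(fqdn string, managed map[string]bool) (zone, relative string, err error) {
	name := strings.TrimSuffix(strings.ToLower(fqdn), ".")
	labels := strings.Split(name, ".")
	for i := 0; i < len(labels); i++ {
		candidate := strings.Join(labels[i:], ".")
		if managed[candidate] {
			return candidate, strings.Join(labels[:i], "."), nil
		}
	}
	return "", "", ErrNoZone
}

func main() {
	// Constructed sample: the account manages only the delegated sub-zone.
	managed := map[string]bool{"scw.mydomain.com": true}
	fqdn := "_acme-challenge.test.subdomain.scw.mydomain.com."
	fmt.Println("first-dot zone:", firstDotZone(fqdn)) // not a managed zone
	zone, rel, err := findZone(fqdn, managed)
	fmt.Println("suffix match:", zone, rel, err)
}
```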
@Nox-404
Contributor

Nox-404 commented Nov 6, 2023

Hey,
I couldn't reproduce this bug, here is what I did:

  1. Registered a subdomain (scw.mydomain.com) as an External Domain in the console
  2. Validated the challenge to manage it with Scaleway - procedure in the email
  3. Updated the NS records for the subdomain to point to Scaleway's NS - procedure in the email
  4. Spawned a fresh Kapsule cluster
  5. Installed cert-manager (Helm chart with only installCRDs=true)
  6. Installed this chart (I only defined secret.accessKey=SCWxxx and secret.secretKey=xxx-xxx-xxx-xxx)
  7. Applied the following ClusterIssuer and Certificates
  8. Waited around 2-5 min - Success
---
# cluster-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    privateKeySecretRef:
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        cnameStrategy: None
        webhook:
          groupName: acme.scaleway.com
          solverName: scaleway
---
# certificate.yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test.scw.mydomain.com
spec:
  commonName: test.scw.mydomain.com
  dnsNames:
    - test.scw.mydomain.com
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: test.scw.mydomain.com-tls
  usages:
    - digital signature
    - key encipherment
---
# certificate-subdomain.yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test.subdomain.scw.mydomain.com
spec:
  commonName: test.subdomain.scw.mydomain.com
  dnsNames:
    - test.subdomain.scw.mydomain.com
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: test.subdomain.scw.mydomain.com-tls
  usages:
    - digital signature
    - key encipherment

kubectl get certificate
NAME                            READY   SECRET                                  AGE
test.scw.krondor.fr             True    test.scw.mydomain.com-tls               4m41s
test.subdomain.scw.krondor.fr   True    test.subdomain.scw.mydomain.com-tls     107s

@Nox-404
Contributor

Nox-404 commented Nov 6, 2023

Feel free to come ask around on the community slack on the #k8s channel

https://scaleway-community.slack.com/archives/CD9JPK4KF

@Nox-404
Contributor

Nox-404 commented May 2, 2024

Since there's been no response since November 2021, I'll close that issue.
Feel free to reopen if you need further assistance.

@Nox-404 Nox-404 closed this as completed May 2, 2024