fix: create missing validation records in cases (eg, wildcard SAN) (#89)

Author: flora-five

README.md

@@ -7,7 +7,7 @@ Terraform module which creates ACM certificates and validates them using Route53
 ```hcl
 module "acm" {
   source  = "terraform-aws-modules/acm/aws"
-  version = "~> v3.0"
+  version = "~> 3.0"
 
   domain_name  = "my-domain.com"
   zone_id      = "Z2ES7B9AZ6SHAE"

examples/complete-dns-validation/main.tf

@@ -30,6 +30,7 @@ module "acm" {
     "*.alerts.${local.domain_name}",
     "new.sub.${local.domain_name}",
     "*.${local.domain_name}",
+    "alerts.${local.domain_name}",
   ]
 
   wait_for_validation = true

main.tf

@@ -4,8 +4,13 @@ locals {
     [for s in concat([var.domain_name], var.subject_alternative_names) : replace(s, "*.", "")]
   )
 
-  # Copy domain_validation_options for the distinct domain names
-  validation_domains = var.create_certificate ? [for k, v in aws_acm_certificate.this[0].domain_validation_options : tomap(v) if contains(local.distinct_domain_names, replace(v.domain_name, "*.", ""))] : []
+  # Get the list of distinct domain_validation_options, with wildcard
+  # domain names replaced by the domain name
+  validation_domains = var.create_certificate ? distinct(
+    [for k, v in aws_acm_certificate.this[0].domain_validation_options : merge(
+      tomap(v), { domain_name = replace(v.domain_name, "*.", "") }
+    )]
+  ) : []
 }
 
 resource "aws_acm_certificate" "this" {