I’ve been running into this issue often enough and I seem to never remember where to add the environment variables. So, here’s a note to my future self.

To set the AWS credentials in the environment variables, follow these steps:

sudo vim /lib/systemd/system/caddy.service

[Service]
Environment="AWS_ACCESS_KEY_ID={YOUR_ID}"
Environment="AWS_SECRET_ACCESS_KEY={YOUR_SECRET}"

When Caddy is built with the Route53 module, it will pick up the credentials from the environment variables and manage the certificate challenge using DNS.

The module itself can also be configured with the AWS credentials. You can find more information on this here.