...
- Install certbot and the certbot Route 53 DNS plugin.
  - E.g. for Ubuntu 22.04 using apt:
    Code Block
        apt-get install certbot python3-certbot-dns-route53
- Configure AWS credentials that have permissions required by the Route 53 plugin.
  - Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables or otherwise set up a profile in your ~/.aws/config credentials configuration file.
- Create a certificate using the certbot CLI. In the example below, the AWS profile with Route 53 privileges is the dns profile:
  Code Block
      $ AWS_PROFILE=dns certbot certonly \
          --non-interactive \
          --dns-route53 \
          --agree-tos \
          --email abc123@cornell.edu \
          --domain myserver.example.cucloud.net \
          --cert-name mycert53 \
          --verbose

      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Plugins selected: Authenticator dns-route53, Installer None
      Requesting a certificate for myserver.example.cucloud.net
      Performing the following challenges:
      dns-01 challenge for myserver.example.cucloud.net
      Waiting for verification...
      Cleaning up challenges

      Successfully received certificate.
      Certificate is saved at: /etc/letsencrypt/live/mycert53/fullchain.pem
      Key is saved at: /etc/letsencrypt/live/mycert53/privkey.pem
      This certificate expires on 2024-09-01.
      These files will be updated when the certificate renews.
      Certbot has set up a scheduled task to automatically renew this certificate in the background.
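One way to scope the credentials used in the steps above, as an added example that is not part of the original page: an IAM policy granting the three Route 53 actions the certbot plugin needs, with record changes limited to the TXT challenge record for the example domain. `YOURHOSTEDZONEID` is a placeholder for the ID of the hosted zone that holds the domain, and the `Id` value is a constructed label.

```json
{
  "Version": "2012-10-17",
  "Id": "added-example-certbot-dns01-least-privilege",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:GetChange"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
            "_acme-challenge.myserver.example.cucloud.net"
          ],
          "route53:ChangeResourceRecordSetsRecordTypes": [
            "TXT"
          ]
        }
      }
    }
  ]
}
```

With the condition in place, the credentials stored on the server can only write the dns-01 challenge record, so a leaked key cannot be used to change A, CNAME or other records in the zone. Add one `_acme-challenge.<name>` entry per domain on the certificate.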
...
Notes
- Certbot certificates validated with Route 53 have a 3-month lifespan.
- Certbot can optionally configure and install certificates automatically for several types of web servers. The example here uses certbot only to create and renew certificates.
Renewal
You will need to ensure that the scheduled task that certbot creates on your system can run successfully so that the certificate is renewed automatically, or you will need to trigger renewal some other way before your certificate expires.
...