...
- Install certbot and the certbot Route 53 DNS plugin. E.g. for Ubuntu 22.04 using apt:

  ```bash
  apt-get install certbot python3-certbot-dns-route53
  ```

- Configure AWS credentials that have the permissions required by the Route 53 plugin. Set the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables, or otherwise set up a profile in your `~/.aws/config` / `~/.aws/credentials` configuration file.
- Create a certificate using the certbot CLI. In the example below, the AWS credentials with Route 53 privileges are in the `dns` profile:

  ```bash
  $ AWS_PROFILE=dns certbot certonly \
      --non-interactive \
      --dns-route53 \
      --agree-tos \
      --email abc123@cornell.edu \
      --domain myserver.example.cucloud.net \
      --cert-name mycert53 \
      --verbose
  Saving debug log to /var/log/letsencrypt/letsencrypt.log
  Plugins selected: Authenticator dns-route53, Installer None
  Requesting a certificate for myserver.example.cucloud.net
  Performing the following challenges:
  dns-01 challenge for myserver.example.cucloud.net
  Waiting for verification...
  Cleaning up challenges
  Successfully received certificate.
  Certificate is saved at: /etc/letsencrypt/live/mycert53/fullchain.pem
  Key is saved at: /etc/letsencrypt/live/mycert53/privkey.pem
  This certificate expires on 2024-09-01.
  These files will be updated when the certificate renews.
  Certbot has set up a scheduled task to automatically renew this certificate in the background.
  ```
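The credentials used in the steps above should be limited to what the Route 53 plugin actually needs. The following is an added example, not code from the original page or from certbot: it builds a least-privilege IAM policy document scoped to a single hosted zone, places the overly broad alternative beside it, and flags grants that go beyond the plugin's needs. The three action names are the ones the certbot-dns-route53 documentation lists as required; the hosted zone ID is a constructed placeholder, and `challenge_record_name` simply names the TXT record the dns-01 challenge uses.

```python
"""Least-privilege IAM policy for the certbot Route 53 DNS plugin.

Added example; not code from the original page or from certbot. The three
action names are the ones the certbot-dns-route53 documentation lists as
required. The hosted zone ID is a constructed placeholder.
"""
import json

# Constructed placeholder; use your own zone ID (aws route53 list-hosted-zones).
EXAMPLE_ZONE_ID = "Z0123456789EXAMPLE"

# What the plugin does during a dns-01 challenge, and the permission each step needs:
#   1. find the hosted zone for the domain      -> route53:ListHostedZones
#   2. publish the _acme-challenge TXT record   -> route53:ChangeResourceRecordSets
#   3. poll the change until it is INSYNC       -> route53:GetChange
#   4. delete the TXT record again (cleanup)    -> route53:ChangeResourceRecordSets
READ_ACTIONS = ("route53:ListHostedZones", "route53:GetChange")
WRITE_ACTION = "route53:ChangeResourceRecordSets"


def build_route53_policy(hosted_zone_id):
    """Policy that lets certbot edit records in exactly one hosted zone.

    ListHostedZones cannot be resource-scoped and the change ID polled by
    GetChange is not known in advance, so both keep Resource "*" (as in the
    certbot sample policy); the write permission is pinned to the zone ARN.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": list(READ_ACTIONS), "Resource": "*"},
            {
                "Effect": "Allow",
                "Action": [WRITE_ACTION],
                "Resource": f"arn:aws:route53:::hostedzone/{hosted_zone_id}",
            },
        ],
    }


# The weak setting: full Route 53 access on every zone. A leaked certbot
# credential carrying this policy can rewrite any DNS record in the account.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "route53:*", "Resource": "*"}],
}


def _as_list(value):
    """IAM allows either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def policy_findings(policy):
    """Return human-readable findings for Allow grants beyond what the plugin needs."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"wildcard action {action}")
            elif action == WRITE_ACTION and "*" in resources:
                findings.append(f"{WRITE_ACTION} not scoped to a hosted zone")
            elif action not in READ_ACTIONS and action != WRITE_ACTION:
                findings.append(f"action not needed by the plugin: {action}")
    return findings


def challenge_record_name(domain):
    """Name of the TXT record the plugin creates (and later deletes) for dns-01."""
    return f"_acme-challenge.{domain}"


def policy_json(hosted_zone_id):
    """Serialized policy, usable as: aws iam create-policy --policy-document file://..."""
    return json.dumps(build_route53_policy(hosted_zone_id), indent=2)


if __name__ == "__main__":
    print(policy_json(EXAMPLE_ZONE_ID))
    print("least-privilege findings:", policy_findings(build_route53_policy(EXAMPLE_ZONE_ID)))
    print("overly broad findings:   ", policy_findings(OVERLY_BROAD_POLICY))
    print("record to check after issuance:", challenge_record_name("myserver.example.cucloud.net"))
```

Attach the generated policy to a dedicated IAM user or role used only by certbot, and point the `dns` profile from the example above at those credentials. After issuance, the `_acme-challenge` TXT record should no longer resolve, which is the cleanup step visible as "Cleaning up challenges" in the certbot output.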
Notes
- The record that certbot creates in Route 53 seems to be automatically deleted once the certificate is validated.
- Certbot certificates validated with Route 53 have a 3-month lifespan.
- Certbot can also automatically configure/install certificates for several types of web servers. The example here uses certbot only to create/renew certificates; see the certbot documentation for web server integration options.
...