Skip to content
This repository has been archived by the owner on Jan 26, 2021. It is now read-only.

car-throttle/certbot-route53

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

certbot-route53.sh

certbot-route53.sh

 
 

Repository files navigation

certbot-route53

This shell script helps create Let's Encrypt certificates for AWS Route53. It uses Certbot to automate certificate requests, and the AWS CLI to automate DNS challenge record creation.

Manual installation & usage

  1. Install Certbot and the AWS CLI. You can use Homebrew (brew install awscli certbot) or pip (pip install boto3 certbot).

  2. Configure the AWS CLI. Your account must have permission to list and update Route53 records.

  3. Download the certbot-route53.sh script.

mkdir my-certificates
cd my-certificates
curl -sL https://git.io/vylLx -o certbot-route53.sh
chmod a+x certbot-route53.sh
  1. Run the script with your (comma-separated) domain(s) and email address:
sh certbot-route53.sh \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --domains jed.is,www.jed.is \
  --email $(git config user.email)
  1. Wait patiently (usually about two minutes) while, for each domain requested:
  • Certbot asks Let's Encrypt for a DNS validation challenge string,
  • AWS CLI asks Route53 to create a domain TXT record with the challenge value,
  • Let's Encrypt validates the TXT record and returns a certificate, and finally
  • AWS CLI asks Route53 to delete the TXT record.
  1. Find your new certificate(s) in the letsencrypt/live directory.

terminal

Using Docker

You can optionally use Docker to avoid installing all the necessary build tools & jump straight into authenticating certificates. This assumes that (a) you have installed Docker, (b) you have done step 2 above (either by installing the AWS-CLI manually or using an AWS-CLI Docker container to configure your machine) and (c) have your AWS configuration files at ~/.aws as standard.

$ git clone https://github.com/car-throttle/certbot-route53
$ cd certbot-route53 && docker build -t certbot-route53:latest .
$ mkdir -p $PWD/letsencrypt
$ docker run -it --rm -v $HOME/.aws:/root/.aws:ro -v $PWD/letsencrypt:/root/letsencrypt \
  certbot-route53:latest certbot-route53.sh \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --domains jed.is,www.jed.is \
  --email $(git config user.email)

You'll find your certificate(s) in letsencrypt/live directory too 😉

And to renew:

$ docker run -it --rm -v $HOME/.aws:/root/.aws:ro -v $PWD/letsencrypt:/root/letsencrypt \
  certbot-route53:latest certbot-route53.sh renew

About

Creating Lets Encrypt certificates using Docker containers & Route53 DNS verification

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%