Route53 plugin for Let's Encrypt client
Before you start
It's expected that the root hosted zone for the domain in question already exists in your account.
Create a virtual environment
Update its pip and setuptools (VENV/bin/pip install -U setuptools pip) to avoid problems with cryptography's dependency on setuptools>=11.3.
Make sure you have libssl-dev and libffi (or your regional equivalents) installed. You might have to set compiler flags to pick things up (I have to use CPPFLAGS=-I/usr/local/opt/openssl/include LDFLAGS=-L/usr/local/opt/openssl/lib on my macOS to pick up brew's openssl, for example).
Install this package.
How to use it
Make sure you have access to AWS's Route53 service, either through IAM roles or .aws/credentials. Check out sample-aws-policy.json for the necessary permissions.
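An added example, not part of this project's code: a small audit of an IAM policy document that flags wildcard actions and record-change permission not pinned to a single hosted zone, which is the scoping that matters for credentials used in DNS validation. It assumes route53:ChangeResourceRecordSets is the write action the client needs; the function name, both sample policies and the zone ID placeholder are constructed for illustration, so compare against sample-aws-policy.json for the actual permission list.

```python
import fnmatch

# Assumption: the one write action a DNS-01 client needs on Route53.
WRITE_ACTION = "route53:changeresourcerecordsets"
ZONE_ARN_PREFIX = "arn:aws:route53:::hostedzone/"

def _as_list(value):
    # IAM allows a bare string where a list is expected.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return findings for an IAM policy dict; an empty list means none."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        for a in actions:
            if "*" in a:
                findings.append(f"statement {i}: wildcard action {a!r}")
        # IAM action patterns use * and ?, which fnmatch also understands.
        if not any(fnmatch.fnmatchcase(WRITE_ACTION, a) for a in actions):
            continue
        for r in _as_list(stmt.get("Resource", [])):
            zone_id = r[len(ZONE_ARN_PREFIX):] if r.startswith(ZONE_ARN_PREFIX) else ""
            if not zone_id or "*" in zone_id or "?" in zone_id:
                findings.append(f"statement {i}: record changes allowed on {r!r}")
    return findings

# Constructed sample policies (the zone ID is a placeholder).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["route53:ListHostedZones", "route53:GetChange"],
     "Resource": ["*"]},
    {"Effect": "Allow",
     "Action": ["route53:ChangeResourceRecordSets"],
     "Resource": ["arn:aws:route53:::hostedzone/ZONEID_PLACEHOLDER"]}]}

if __name__ == "__main__":
    for name, pol in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, audit_policy(pol) or "no findings")
```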
To generate a certificate:
certbot certonly \
  -n --agree-tos --email DEVOPS@COMPANY.COM \
  --dns-route53 \
  -d MY.DOMAIN.NAME