support .aws/config and profiles #458

Closed
bortels opened this issue Dec 28, 2017 · 0 comments

bortels commented Dec 28, 2017

Attempting to use lego with a profile or STS token fails:

2017/12/27 14:03:59 [INFO][XXXX] acme: Obtaining bundled SAN certificate
2017/12/27 14:04:00 [INFO][XXXX] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/G4361QrN11c0XXXXXXXXXXXXX_Xa6dy_1tT9xRAbYc
2017/12/27 14:04:00 [INFO][XXXX] acme: Could not find solver for: tls-sni-01
2017/12/27 14:04:00 [INFO][XXXX] acme: Trying to solve DNS-01
2017/12/27 14:04:13 [utility.sre.spoken.com] Could not obtain certificates
Error presenting token: Failed to determine Route 53 hosted zone ID: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors

(In the same environment, the aws cli with a --profile works fine)

There is some literature for other projects that suggests setting AWS_SDK_LOAD_CONFIG=1 in the environment will help, but it failed for me, with the error as above.

In our particular environment, we use awsmfa to generate a short-term STS token, then use it on our master aws account to adopt a cross-account role in the account that serves route53 for us.

As a workaround, I simply made a local account in our route53-serving sub-account, and expose those credentials in the environment via a wrapper script.
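
A wrapper of the kind mentioned in the workaround could look like the following; this is an added example, not the issue author's script and not lego code. The function names, the script name `with-aws-profile.sh` and the sample profiles are hypothetical, and it assumes the profile's keys (static or STS) already sit in an INI-style credentials file; it does not perform role assumption itself.

```shell
#!/bin/sh
# Added example (not lego's code): export one profile's keys for a child process.
# profile_value FILE PROFILE KEY: print the value; non-zero status if absent.
profile_value() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); in_sec = ($0 == want); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; found = 1; exit }
        }
        END { exit !found }' "$1"
}

# load_profile FILE PROFILE: export the key pair (and session token, if any).
load_profile() {
    id=$(profile_value "$1" "$2" aws_access_key_id) &&
    secret=$(profile_value "$1" "$2" aws_secret_access_key) || {
        echo "profile [$2]: no key pair found in $1" >&2; return 1; }
    export AWS_ACCESS_KEY_ID="$id" AWS_SECRET_ACCESS_KEY="$secret"
    # STS keys are only valid together with their session token.
    if token=$(profile_value "$1" "$2" aws_session_token); then
        export AWS_SESSION_TOKEN="$token"
    else
        unset AWS_SESSION_TOKEN   # drop a stale token inherited from the caller
    fi
}

# Constructed sample file contents (no real keys).
sample_credentials() {
cat <<'EOF'
[dns-static]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed/secret+value
[dns-sts]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed/secret+value2
aws_session_token = Zm9v/YmFy+EXAMPLE==
EOF
}

# Usage: with-aws-profile.sh PROFILE COMMAND [ARGS...]
if [ "$#" -ge 2 ]; then
    profile=$1; shift
    load_profile "${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}" "$profile" || exit 1
    exec "$@"
fi
```

Because the script ends in `exec`, the exported keys exist only in the environment of the command it launches, not in the calling shell.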
