You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Attempting to use lego with a profile or STS token fails:
2017/12/27 14:03:59 [INFO][XXXX] acme: Obtaining bundled SAN certificate
2017/12/27 14:04:00 [INFO][XXXX] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/G4361QrN11c0XXXXXXXXXXXXX_Xa6dy_1tT9xRAbYc
2017/12/27 14:04:00 [INFO][XXXX] acme: Could not find solver for: tls-sni-01
2017/12/27 14:04:00 [INFO][XXXX] acme: Trying to solve DNS-01
2017/12/27 14:04:13 [utility.sre.spoken.com] Could not obtain certificates
Error presenting token: Failed to determine Route 53 hosted zone ID: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
(In the same environment, the aws cli with a --profile works fine)
There is some literature for other projects that suggests setting AWS_SDK_LOAD_CONFIG=1 in the environment will help, but it failed for me, with the error as above.
In our particular environment, we use awsmfa to generate a short-term STS token, then use it on our master aws account to adopt a cross-account role in the account that serves route53 for us.
As a workaround, I simply made a local account in our route53-serving sub-account, and expose those credentials in the environment via a wrapper script.
The text was updated successfully, but these errors were encountered:
Attempting to use lego with a profile or STS token fails:
2017/12/27 14:03:59 [INFO][XXXX] acme: Obtaining bundled SAN certificate
2017/12/27 14:04:00 [INFO][XXXX] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/G4361QrN11c0XXXXXXXXXXXXX_Xa6dy_1tT9xRAbYc
2017/12/27 14:04:00 [INFO][XXXX] acme: Could not find solver for: tls-sni-01
2017/12/27 14:04:00 [INFO][XXXX] acme: Trying to solve DNS-01
2017/12/27 14:04:13 [utility.sre.spoken.com] Could not obtain certificates
Error presenting token: Failed to determine Route 53 hosted zone ID: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
(In the same environment, the aws cli with a --profile works fine)
There is some literature for other projects that suggests setting AWS_SDK_LOAD_CONFIG=1 in the environment will help, but it failed for me, with the error as above.
In our particular environment, we use awsmfa to generate a short-term STS token, then use it on our master aws account to adopt a cross-account role in the account that serves route53 for us.
As a workaround, I simply made a local account in our route53-serving sub-account, and expose those credentials in the environment via a wrapper script.
The text was updated successfully, but these errors were encountered: