noi/certbot-dns-lightsail

Amazon Lightsail DNS Authenticator Plugin for Certbot

This plugin proves that you control a domain by completing a DNS-01 challenge through Amazon Lightsail DNS.

Additional Arguments for Certbot

  • --authenticator dns-lightsail
    • Use this plugin as an authenticator. (required)
  • --dns-lightsail-propagation-seconds ${value}
    • The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 60. The default TTL for Amazon Lightsail DNS records is 60 seconds, so I recommend setting a value greater than that.)

Getting Started

Installation

Install this plugin using pip:

pip install certbot-dns-lightsail

Usage

This plugin requires AWS region and credential settings before it can be used, and the region must be us-east-1.

1. Create Access Key

Create an access key using the IAM policy below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "lightsail:CreateDomainEntry",
                "lightsail:DeleteDomainEntry"
            ],
            "Resource": "arn:aws:lightsail:us-east-1:${YOUR-ACCOUNT-ID}:Domain/${YOUR-DOMAIN-ID}"
        }
    ]
}

2. Create Setting Files

Create the settings files below:

# ~/.aws/config
[default]
region=us-east-1

# ~/.aws/credentials
[default]
aws_access_key_id=${YOUR-ACCESS-KEY-ID}
aws_secret_access_key=${YOUR-SECRET-ACCESS-KEY}

3. Run Certbot

You are ready to run this plugin with Certbot!

For example, run the command below to obtain a certificate using this plugin:

certbot certonly \
  --authenticator dns-lightsail \
  --dns-lightsail-propagation-seconds 70 \
  --non-interactive \
  --agree-tos \
  -m 'mail@example.com' \
  -d 'example.com' \
  -d '*.example.com'
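
The policy in step 1 is scoped to two actions on one domain, and a policy can be checked against that scope before it is attached to the access key. The following is an added example, not code from this project: it flags actions or resources broader than the page's policy. The name audit_policy and the sample account and domain IDs are assumptions constructed for illustration.

```python
import json
import re
from fnmatch import fnmatchcase

# The two actions granted by the policy on this page (IAM action names are case-insensitive).
NEEDED = {"lightsail:createdomainentry", "lightsail:deletedomainentry"}
# Resource shape from the page: one Lightsail Domain ARN in us-east-1, no wildcards.
DOMAIN_ARN = re.compile(r"arn:aws:lightsail:us-east-1:\d{12}:Domain/[^*?]+")


def _listify(value):
    """IAM accepts either a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy_text):
    """Return findings for a policy JSON string; an empty list means it matches the page's scope."""
    findings, granted = [], set()
    for n, stmt in enumerate(_listify(json.loads(policy_text)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {n}: NotAction/NotResource allows everything not listed")
        for action in _listify(stmt.get("Action", [])):
            # IAM wildcards (* and ?) behave like shell globs, so fnmatch models them.
            covered = {a for a in NEEDED if fnmatchcase(a, action.lower())}
            granted |= covered
            if "*" in action or "?" in action:
                findings.append(f"statement {n}: wildcard action {action}")
            elif not covered:
                findings.append(f"statement {n}: action outside the page's policy: {action}")
        for resource in _listify(stmt.get("Resource", [])):
            if not DOMAIN_ARN.fullmatch(resource):
                findings.append(f"statement {n}: resource not a single us-east-1 domain: {resource}")
    for action in sorted(NEEDED - granted):
        findings.append(f"missing action: {action}")
    return findings


# Constructed sample policies; the account ID and domain ID are placeholders.
ARN = "arn:aws:lightsail:us-east-1:123456789012:Domain/00000000-0000-0000-0000-000000000000"
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["lightsail:CreateDomainEntry", "lightsail:DeleteDomainEntry"],
    "Resource": ARN}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "lightsail:*", "Resource": "*"}})

if __name__ == "__main__":
    for name, text in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_policy(text) or "OK")
```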
