Select Page
Let’s Encrypt wildcard certificate configuration with AWS Route 53 DNS by @Sharl…

Let’s Encrypt wildcard certificate configuration with AWS Route 53 DNS by @Sharl…

Source by Cristian O. Balan

In a nutshell:

mkdir ~/.aws
nano ~/.aws/credentials
#[default]
#aws_access_key_id = ABC
#aws_secret_access_key = XYZ
chmod 400 ~/.aws/credentials
chmod 500 ~/.aws
apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt update && apt install python-certbot-nginx python-pip python-asn1crypto python-certifi python-cffi-backend python-cryptography python-enum34 python-idna python-ipaddress
pip install --upgrade pip
certbot --version
pip install certbot_dns_route53==0.26.1
mkdir -p /opt/letsencrypt/config
mkdir -p /opt/letsencrypt/log
mkdir -p /opt/letsencrypt/work
certbot certonly -d hosting.oviliz.com --dns-route53 --logs-dir /opt/letsencrypt/log/ --config-dir /opt/letsencrypt/config/ --work-dir /opt/letsencrypt/work/ -m [email protected] --agree-tos --non-interactive --server https://acme-v02.api.letsencrypt.org/directory
/usr/local/bin/certbot renew --dns-route53 --logs-dir /opt/letsencrypt/log/ --config-dir /opt/letsencrypt/config/ --work-dir /opt/letsencrypt/work/ --non-interactive --server https://acme-v02.api.letsencrypt.org/directory --post-hook "service nginx reload"

Or if you’re using DNS Made Easy:

#...
nano ~/.dnsmadeeasy/credentials
#dns_dnsmadeeasy_api_key = ABC
#dns_dnsmadeeasy_secret_key = XYZ
#...
certbot certonly -d hosting.oviliz.com --dns-dnsmadeeasy --dns-dnsmadeeasy-credentials ~/.dnsmadeeasy/credentials --logs-dir /opt/letsencrypt/log/ --config-dir /opt/letsencrypt/config/ --work-dir /opt/letsencrypt/work/ -m [email protected] --agree-tos --non-interactive --server https://acme-v02.api.letsencrypt.org/directory
/usr/local/bin/certbot renew --dns-route53 --logs-dir /opt/letsencrypt/log/ --config-dir /opt/letsencrypt/config/ --work-dir /opt/letsencrypt/work/ --non-interactive --server https://acme-v02.api.letsencrypt.org/directory --post-hook "service nginx reload"

The same concept can be obviously applied with Cloudflare and so on.