Create an AWS EC2 instance. Create a Route53 record. Create an ELB.
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
Run the CLI tool (note the --debug flag: support for the Amazon AMI was still in development at the time of writing).
./letsencrypt-auto certonly --manual --debug
Enter the domain names you want certificates for, separated by commas or spaces.
Choose to have your IP publicly logged.
Now you are given a challenge to complete. Completing the challenge proves to Let's Encrypt that you control the server. The way I completed this was to install Node and http-server.
curl --silent --location https://rpm.nodesource.com/setup_7.x | sudo bash -
yum -y install nodejs
Install http-server.
npm install http-server -g
Now create the directory path that letsencrypt specified.
mkdir -p .well-known/acme-challenge/[SOME-NAME]/
Create the file and serve it on port 80.
echo '[SOME-DATA]' > .well-known/acme-challenge/[SOME-NAME]/index.html
cd .well-known/acme-challenge/[SOME-NAME]
http-server -p 80
Make sure to open port 80 on your instance via security groups.
If you gave your EC2 instance an IAM role with permission to upload server certificates to IAM, you can do this directly from the instance; otherwise copy the certificates to your local machine and upload them from there.
sudo cp -L -r /etc/letsencrypt/live/test.blairvanderlugt.com/ ~
scp -i ~/Downloads/letsencrypt-test.pem -r ec2-user@34.213.69.216:test.blairvanderlugt.com/ .
Note: the AWS console does not offer IAM server certificate upload, so you have to use the CLI.
aws iam upload-server-certificate --server-certificate-name NAME-OF-CERT \
--certificate-body file://cert.pem \
--certificate-chain file://chain.pem \
--private-key file://privkey.pem
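A pre-upload sanity check for the three files the aws iam command consumes, added here as an example (a hypothetical helper, not part of letsencrypt or the AWS CLI): it confirms that cert.pem, chain.pem and privkey.pem are real readable files rather than dangling symlinks (the reason for cp -L above), that each carries the PEM block type IAM expects, and that the private key is owner-only. It does not verify that the key and certificate match cryptographically.

```shell
#!/bin/sh
# Hypothetical pre-flight check (not part of letsencrypt or the AWS CLI) for the
# three files that `aws iam upload-server-certificate` consumes. It verifies that
# cert.pem, chain.pem and privkey.pem are regular, readable files (not dangling
# symlinks left behind by copying /etc/letsencrypt/live without cp -L), that each
# carries the PEM block type IAM expects, and that the private key is owner-only.
# Usage: sh check_certs.sh ~/test.blairvanderlugt.com

# pem_has_block FILE TYPE: succeeds if FILE has matching BEGIN/END TYPE markers.
pem_has_block() {
    grep -q -- "-----BEGIN $2-----" "$1" && grep -q -- "-----END $2-----" "$1"
}

# check_cert_dir DIR: returns 0 when DIR is ready for upload, otherwise prints
# the first problem found and returns 1.
check_cert_dir() {
    dir=$1
    for f in cert.pem chain.pem privkey.pem; do
        if [ ! -f "$dir/$f" ] || [ ! -r "$dir/$f" ]; then
            echo "$dir/$f missing or unreadable (use cp -L to follow the live/ symlinks)"
            return 1
        fi
    done
    pem_has_block "$dir/cert.pem" CERTIFICATE || { echo "cert.pem: no CERTIFICATE block"; return 1; }
    pem_has_block "$dir/chain.pem" CERTIFICATE || { echo "chain.pem: no CERTIFICATE block"; return 1; }
    # Let's Encrypt writes PKCS#8 keys ("PRIVATE KEY"); accept the older PKCS#1 label too.
    if ! pem_has_block "$dir/privkey.pem" "PRIVATE KEY" \
        && ! pem_has_block "$dir/privkey.pem" "RSA PRIVATE KEY"; then
        echo "privkey.pem: no PRIVATE KEY block"
        return 1
    fi
    # The key goes to IAM, but any copy left on disk must stay owner-only.
    mode=$(stat -c %a "$dir/privkey.pem" 2>/dev/null || stat -f %Lp "$dir/privkey.pem")
    case $mode in
        *00) ;;   # 600, 400, 700: no group/other permission bits
        *) echo "privkey.pem mode $mode is not owner-only (chmod 600 it)"; return 1 ;;
    esac
    echo "ok: $dir is ready for aws iam upload-server-certificate"
}

if [ "$#" -gt 0 ]; then
    check_cert_dir "$1"
fi
```

Run it against the copied directory before the aws iam command; a non-zero exit names the first file that would make the upload fail or leave the key exposed.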
Now your certificate is in AWS IAM and can be assigned to an ELB and other AWS services.
Go to your ELB -> edit listener -> select HTTPS (443) -> under SSL Certificate select "change" -> choose an existing certificate from AWS Identity and Access Management (IAM) -> select the certificate name from the previous step.
Don't forget to open the security group on the load balancer to accept ingress on 443.
Done!