
@chrisenytc
Created July 22, 2018 05:43
Creating wildcard ssl with certbot on AWS
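#!/bin/bash
#
# Copy the temporary credentials of the instance's IAM role from the EC2
# instance metadata service (IMDS) into ~/.aws/config.
#
# Globals:  AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SECURITY_TOKEN
#           (read as a fallback when IMDS reports no role; exported)
# Outputs:  overwrites ~/.aws/config (any existing profiles are replaced)
# Returns:  non-zero when no usable credentials could be obtained
#
# The credentials are short-lived role credentials: the file must be
# regenerated before each use and stays sensitive until they expire.
set -euo pipefail

readonly IMDS_BASE="http://169.254.169.254/latest"
readonly CREDS_PATH="meta-data/iam/security-credentials"
readonly IMDS_TIMEOUT=5
aws_config=~/.aws/config

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Everything created below holds live secrets: owner-only permissions.
umask 077

# Ask for an IMDSv2 session token first. Instances that enforce IMDSv2
# reject unauthenticated GETs; if the PUT fails we fall back to IMDSv1,
# which is what the plain GET requests amount to.
imds_token=$(curl -fsS --max-time "${IMDS_TIMEOUT}" -X PUT \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 60" \
  "${IMDS_BASE}/api/token" 2>/dev/null) || imds_token=""

# GET one IMDS path ($1, relative to IMDS_BASE) and print the body.
# -f makes HTTP errors fail instead of returning an error page as "data".
imds_get() {
  local url="${IMDS_BASE}/$1"
  if [[ -n "${imds_token}" ]]; then
    curl -fsS --max-time "${IMDS_TIMEOUT}" \
      -H "X-aws-ec2-metadata-token: ${imds_token}" "${url}"
  else
    curl -fsS --max-time "${IMDS_TIMEOUT}" "${url}"
  fi
}

# Role lookup is best-effort: with no role attached, credentials already
# present in the environment are used instead.
AWS_IAM_ROLE=$(imds_get "${CREDS_PATH}/" 2>/dev/null) || AWS_IAM_ROLE=""
export AWS_IAM_ROLE

if [[ -n "${AWS_IAM_ROLE}" ]]; then
  # Fetch the document once so key, secret and token come from the same
  # credential set even if the role credentials rotate meanwhile.
  creds_json=$(imds_get "${CREDS_PATH}/${AWS_IAM_ROLE}") \
    || die "failed to read credentials for role ${AWS_IAM_ROLE} from IMDS"

  # jq -e exits non-zero on null, so a missing field is an error rather
  # than the literal string "null" ending up in the config file.
  AWS_ACCESS_KEY_ID=$(jq -er '.AccessKeyId' <<<"${creds_json}") \
    || die "IMDS response has no AccessKeyId"
  AWS_SECRET_ACCESS_KEY=$(jq -er '.SecretAccessKey' <<<"${creds_json}") \
    || die "IMDS response has no SecretAccessKey"
  AWS_SECURITY_TOKEN=$(jq -er '.Token' <<<"${creds_json}") \
    || die "IMDS response has no Token"
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SECURITY_TOKEN
fi

if [[ -z "${AWS_ACCESS_KEY_ID:-}" || -z "${AWS_SECRET_ACCESS_KEY:-}" ]]; then
  die "no AWS credentials available (no instance role and none in the environment)"
fi

# Write to a private temp file and rename it into place: the secrets are
# never written into a pre-existing file with looser permissions, and a
# failure cannot leave a half-written config behind.
mkdir -p -- "${aws_config%/*}"
tmp_config=$(mktemp "${aws_config}.XXXXXX")
trap 'rm -f -- "${tmp_config}"' EXIT

# printf is a shell builtin, so the secrets never appear in a process argv.
{
  printf '%s\n' "[default]"
  printf '%s\n' "region=us-east-1"
  printf '%s\n' "output=json"
  printf '%s\n' "aws_access_key_id=${AWS_ACCESS_KEY_ID}"
  printf '%s\n' "aws_secret_access_key=${AWS_SECRET_ACCESS_KEY}"
  printf '%s\n' "aws_session_token=${AWS_SECURITY_TOKEN:-}"
} > "${tmp_config}"
mv -f -- "${tmp_config}" "${aws_config}"

echo "Credentials saved!"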
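#!/bin/bash
#
# Renew existing Let's Encrypt certificates with the certbot dns-route53
# plugin, using freshly written credentials from aws-metadata.sh.
#
# The mount path below is hard-coded to /home/ec2-user, while
# aws-metadata.sh writes to ~/.aws/config of the invoking user: run this as
# ec2-user, otherwise the container sees a stale or missing file.
# NOTE(review): the image is pulled by its default tag; pin a tag or digest
# that you have verified so a renewal never runs an unreviewed image.
set -euo pipefail

# Locate the helper next to this script so the job also works when started
# from another working directory (e.g. by a scheduler).
script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)

# Under set -e a failed credential refresh stops here instead of letting
# certbot run with stale or empty credentials.
"${script_dir}/aws-metadata.sh"

docker_args=(run --rm --name certbot)
# Renewal needs no interaction; only request a TTY when one is attached,
# so unattended runs do not fail on "-it".
if [[ -t 0 && -t 1 ]]; then
  docker_args+=(-it)
fi
docker_args+=(
  --env AWS_CONFIG_FILE=/etc/aws-config
  # The container only reads the credentials: mount them read-only.
  -v "/home/ec2-user/.aws/config:/etc/aws-config:ro"
  -v "/etc/letsencrypt:/etc/letsencrypt"
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt"
)

docker "${docker_args[@]}" certbot/dns-route53 renew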
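#!/bin/bash
#
# Request a new certificate interactively with the certbot dns-route53
# plugin against the ACME v2 endpoint (required for wildcard names), using
# freshly written credentials from aws-metadata.sh.
#
# The mount path below is hard-coded to /home/ec2-user, while
# aws-metadata.sh writes to ~/.aws/config of the invoking user: run this as
# ec2-user, otherwise the container sees a stale or missing file.
# NOTE(review): the image is pulled by its default tag; pin a tag or digest
# that you have verified before giving it Route 53 credentials.
set -euo pipefail

# Locate the helper next to this script rather than in the current
# working directory.
script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)

# Under set -e a failed credential refresh stops here instead of letting
# certbot run with stale or empty credentials.
"${script_dir}/aws-metadata.sh"

# -it is kept: certonly prompts for the domain names and agreement.
# The credentials file is mounted read-only because certbot only reads it.
docker run -it --rm --name certbot \
  --env AWS_CONFIG_FILE=/etc/aws-config \
  -v "/home/ec2-user/.aws/config:/etc/aws-config:ro" \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/dns-route53 certonly \
  --server https://acme-v02.api.letsencrypt.org/directory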