Last active
March 19, 2025 10:29
This is a shell script for issuing SSL certificates with ACM (Amazon Certificate Manager).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| if [ $# != 3 ] || [ "$1" = "" ] || [ "$2" = "" ] || [ "$3" = "" ]; then | |
| echo -e "Three parameters are required | |
| 1st - string: Hosted Domain Name on Route 53 (e.g. example.com) | |
| 2nd - string: Domain Name for Certificate (e.g. sub.mexample.com) | |
| 3rd - string: Target Region (e.g. us-east-1) | |
| example command | |
| \t sh ./issue-acm-certificate.sh example.com sub.example.com" | |
| exit | |
| fi | |
| HOSTED_DOMAIN=$1 | |
| TARGET_DOMAIN=$2 | |
| REGION=$3 | |
| NONE="None" | |
| request_certificate() { | |
| # request certificate | |
| echo "Request certificate for '${TARGET_DOMAIN}' to ACM." | |
| CERT_ARN=$( | |
| aws acm request-certificate \ | |
| --domain-name "${TARGET_DOMAIN}" \ | |
| --validation-method DNS \ | |
| --region "${REGION}" \ | |
| --output text | |
| ) && | |
| sleep 5 && | |
| echo -e "\t CERT_ARN = ${CERT_ARN}" | |
| } | |
| if ! request_certificate; then | |
| echo "Failed to request certificate." | |
| exit 1 | |
| fi | |
| get_recordset_info() { | |
| # Get record set for domain validation | |
| echo "Get record set to validate domain in Route 53." | |
| VALIDATION_RECORD_NAME=$( | |
| aws acm describe-certificate \ | |
| --certificate-arn "${CERT_ARN}" \ | |
| --query "Certificate.DomainValidationOptions[0].ResourceRecord.Name" \ | |
| --region "${REGION}" \ | |
| --output text | |
| ) && | |
| echo -e "\t VALIDATION_RECORD_NAME = ${VALIDATION_RECORD_NAME}" | |
| VALIDATION_RECORD_VALUE=$( | |
| aws acm describe-certificate \ | |
| --certificate-arn "${CERT_ARN}" \ | |
| --query "Certificate.DomainValidationOptions[0].ResourceRecord.Value" \ | |
| --region "${REGION}" \ | |
| --output text | |
| ) && | |
| echo -e "\t VALIDATION_RECORD_VALUE = ${VALIDATION_RECORD_VALUE}" | |
| HOSTED_ZONE_ID=$( | |
| aws route53 list-hosted-zones \ | |
| --query "HostedZones[?Name=='${HOSTED_DOMAIN}.'].Id" \ | |
| --output text | |
| ) && | |
| echo -e "\t HOSTED_ZONE_ID = ${HOSTED_ZONE_ID}" | |
| if [ "$VALIDATION_RECORD_NAME" == $NONE ] || [ "$VALIDATION_RECORD_VALUE" == $NONE ] || [ "$HOSTED_DOMAIN" == $NONE ]; then | |
| exit 1 | |
| fi | |
| } | |
| if ! get_recordset_info; then | |
| echo "Failed to get the parameters required for domain validation." | |
| exit 1 | |
| fi | |
| change_record_set() { | |
| # Change resource record set for domain validation at Route 53 | |
| echo "Change resource record set for domain validation at Route 53." | |
| CHANGE_ID=$( | |
| aws route53 change-resource-record-sets \ | |
| --hosted-zone-id "${HOSTED_ZONE_ID}" \ | |
| --change-batch \ | |
| "{ | |
| \"Changes\": [ | |
| { | |
| \"Action\": \"CREATE\", | |
| \"ResourceRecordSet\": { | |
| \"Name\": \"${VALIDATION_RECORD_NAME}\", | |
| \"Type\": \"CNAME\", | |
| \"TTL\": 300, | |
| \"ResourceRecords\": [{\"Value\": \"${VALIDATION_RECORD_VALUE}\"}] | |
| } | |
| } | |
| ] | |
| }" \ | |
| --query "ChangeInfo.Id" \ | |
| --output text | |
| ) && | |
| echo -e "\t Change ID : ${CHANGE_ID}\n" | |
| } | |
| if ! change_record_set; then | |
| echo "Failed to change resource record set for domain validation." | |
| exit 1 | |
| fi | |
| echo -e "\nFinished to request certificate and create record set to validate domain. | |
| Please run command bellow to check validation status. | |
| aws acm describe-certificate \\ | |
| --certificate-arn ${CERT_ARN} \\ | |
| --query \"Certificate.DomainValidationOptions[0].ValidationStatus\" \\ | |
| --region ${REGION} \\ | |
| --output text" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Useful script to generate certificate