@sebasjm
Last active March 8, 2021 20:27
Certbot Amazon Linux

Taken from here:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html#install

Install certbot on Amazon Linux 2

sudo ./install-certbot.sh

Configure your ~/.aws/config

Set aws_access_key_id and aws_secret_access_key. The user these keys belong to should have the permissions in policy.json.

[default]
output = json
region = us-east-2
aws_access_key_id=AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key=JJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ

Query Let's Encrypt with certbot and get certificates

sudo ./add-domain.sh your-domain.com

Configure nginx and reload the config

sudo vim /etc/nginx/nginx.conf
sudo service nginx reload
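# add-domain.sh: request a wildcard certificate for the domain passed as $1 (double quotes so $1 expands)
certbot certonly --dns-route53 -d "*.$1" -i nginx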
#!/bin/bash
# install-certbot.sh: enable the EPEL repository, then install certbot and its Route 53 DNS plugin
sudo wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
sudo yum-config-manager --enable epel*
sudo yum repolist all
sudo yum install -y certbot python2-certbot-apache
sudo yum install -y certbot-dns-route53
{
    "Version": "2012-10-17",
    "Id": "certbot-dns-route53 sample policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetChange"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID"
            ]
        }
    ]
}
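
A pre-flight check for the policy above, as an added example (not part of the original gist): it flags record-write access that is not limited to a single hosted zone, a YOURHOSTEDZONEID placeholder left unreplaced, and any action beyond the three the policy grants. The function and variable names are assumptions made for this example.

```python
import fnmatch
import json
import re

# The three actions granted by the policy.json on this page (lower-cased).
EXPECTED = {"route53:listhostedzones", "route53:getchange",
            "route53:changeresourcerecordsets"}
WRITE = "route53:changeresourcerecordsets"
ZONE_ARN = re.compile(r"^arn:aws:route53:::hostedzone/([A-Z0-9]+)$")
PLACEHOLDER = "YOURHOSTEDZONEID"  # literal left in the page's template


def as_list(value):
    # IAM accepts either a single value or a list of values.
    return value if isinstance(value, list) else [value]


def lint_policy(text):
    """Return findings for a certbot-dns-route53 policy; [] means it passes."""
    findings = []
    for n, stmt in enumerate(as_list(json.loads(text)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        findings += [f"statement {n}: unexpected action {a}"
                     for a in actions if a not in EXPECTED]
        if not any(fnmatch.fnmatchcase(WRITE, a) for a in actions):
            continue  # read-only statement; "*" is what the page uses here
        for res in as_list(stmt.get("Resource", [])):
            zone = ZONE_ARN.match(res)
            if zone is None:
                findings.append(f"statement {n}: record writes not limited to one zone: {res}")
            elif zone.group(1) == PLACEHOLDER:
                findings.append(f"statement {n}: placeholder zone id not replaced")
    return findings


# Constructed inputs: the page's template and an over-broad variant.
TEMPLATE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": ["*"],
     "Action": ["route53:ListHostedZones", "route53:GetChange"]},
    {"Effect": "Allow", "Action": ["route53:ChangeResourceRecordSets"],
     "Resource": ["arn:aws:route53:::hostedzone/" + PLACEHOLDER]}]})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("template", TEMPLATE), ("too broad", TOO_BROAD)):
        print(name, lint_policy(doc))
```

Run it against the edited policy.json before attaching the policy to the user whose keys go into ~/.aws/config; an empty list means the write permission is limited to one hosted zone.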