@willpower232
Created January 22, 2018 10:35
Certbot with DNS verification and AWS route53 plugin
#!/bin/bash
# run these first to install certbot globally with the route53 plugin
# $ sudo apt install python-setuptools
# $ sudo easy_install pip
# $ sudo -H pip install certbot-dns-route53
# verify the route53 plugin is present
# $ certbot plugins
# now create some credentials from AWS and copy here
# - https://github.com/certbot/certbot/tree/master/certbot-dns-route53
# - https://github.com/certbot/certbot/blob/master/certbot-dns-route53/examples/sample-aws-policy.json
export AWS_ACCESS_KEY_ID="accesskeyhere"
export AWS_SECRET_ACCESS_KEY="secretkeyhere"
certbot certonly -n --agree-tos --email you@example.com --dns-route53 -d whatever.example.com -d whatever2.example.co.uk
# if you have used root keys, delete script from server and keys from AWS now
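
Added example, not part of the original gist: one way to keep the keys out of the script is to store them in an AWS shared-credentials file and pass that file to certbot only after checking that it is private. The helper names `cred_file_ok` and `issue_cert` and the credentials path are hypothetical; GNU `stat` is assumed, and `AWS_SHARED_CREDENTIALS_FILE` is the standard variable read by boto3, which the route53 plugin uses.

```shell
#!/bin/bash
# Added example, not from the original gist. Assumes GNU stat (Debian/Ubuntu).
# cred_file_ok and issue_cert are hypothetical helper names.

# Succeed only if $1 is a regular file (not a symlink), owned by the current
# user, with no permission bits set for group or others (600, 400, ...).
cred_file_ok() {
    cf_path="$1"
    if [ ! -f "$cf_path" ] || [ -L "$cf_path" ]; then
        echo "not a regular file: $cf_path" >&2
        return 1
    fi
    cf_owner=$(stat -c '%u' "$cf_path") || return 1
    cf_mode=$(stat -c '%a' "$cf_path") || return 1
    if [ "$cf_owner" != "$(id -u)" ]; then
        echo "owned by uid $cf_owner, not by you: $cf_path" >&2
        return 1
    fi
    case "$cf_mode" in
        *00) return 0 ;;   # last two octal digits are group and other
        *)   echo "mode $cf_mode is too open; chmod 600 $cf_path" >&2
             return 1 ;;
    esac
}

# Request a certificate for the given names. The keys stay in the credentials
# file and its path is placed in the environment of the certbot process only,
# rather than being exported into the shell.
# usage: issue_cert /path/to/credentials whatever.example.com [more names...]
issue_cert() {
    ic_creds="$1"
    shift
    cred_file_ok "$ic_creds" || return 1
    for ic_name in "$@"; do   # rewrite "a b" into "-d a -d b"
        set -- "$@" -d "$ic_name"
        shift
    done
    AWS_SHARED_CREDENTIALS_FILE="$ic_creds" certbot certonly -n --agree-tos \
        --email you@example.com --dns-route53 "$@"
}
```
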
@willpower232
Author

It's been a while, so after installing, you can go for certbot certonly --dns-route53 -d '*.example.com' and follow the prompts if there are any; don't need the mumbo jumbo to get the wildcard.

@willpower232
Author

Don't forget that webroot is still a valid way of doing things

certbot certonly --webroot --webroot-path /org/websites/user/example.com/www/public_html/ -d example.com -d www.example.com

and that the order of the certificates will be used for the directory so leave www. to the end 😉

@willpower232
Author

Some commands for upgrades

sudo pip install --upgrade pip

pip list

sudo -H pip install certbot certbot-dns-route53 --upgrade

@willpower232
Author

Don't forget to use pip3, and if you're updating, you should also pip3 install requests --upgrade apparently.
