@wokamoto
Last active December 19, 2016 07:01
[AWS] Automatically upload the certificate renewed by Let's Encrypt and swap it into the ELB's SSL listener ref: http://qiita.com/wokamoto/items/5231923cb49081ff7d87
Renewal command (the hook runs after a successful renewal):
letsencrypt renew --renew-hook '/root/bin/upload-cert.sh'
#!/bin/bash
set -eux
_domain='example.com'
_elb_name='{ELB_NAME_HERE}'
_elb_port='443'
_cert_path="/${_domain}/"
_date=$(date +%Y%m%d-%H%M%S)
_cert_name="${_domain}-${_date}"
# Upload the new SSL certificate to IAM
cd "/etc/letsencrypt/live/${_domain}/"
aws iam upload-server-certificate \
  --server-certificate-name "${_cert_name}" \
  --certificate-body file://cert.pem \
  --private-key file://privkey.pem \
  --certificate-chain file://chain.pem \
  --path "${_cert_path}"
# Attach the new SSL certificate to the classic ELB listener
# (the fixed sleep gives IAM time to propagate the freshly uploaded certificate)
sleep 60
_cert_arn=$(aws iam get-server-certificate --server-certificate-name "${_cert_name}" | jq -r '.ServerCertificate.ServerCertificateMetadata.Arn')
aws elb set-load-balancer-listener-ssl-certificate \
  --load-balancer-name "${_elb_name}" \
  --load-balancer-port "${_elb_port}" \
  --ssl-certificate-id "${_cert_arn}"
# Delete the old SSL certificates (everything under the path prefix except the one just uploaded)
_certs=$(aws iam list-server-certificates --path-prefix "${_cert_path}" | jq -r '.ServerCertificateMetadataList[].ServerCertificateName')
for _cert in ${_certs}; do
  if [ "${_cert_name}" != "${_cert}" ]; then
    aws iam delete-server-certificate --server-certificate-name "${_cert}"
  fi
done
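The hook above has two fragile spots: a fixed `sleep 60` stands in for IAM's eventually consistent upload, and the cleanup loop deletes every certificate under the path prefix except the new one, before anything has confirmed that the listener actually switched. The following script is an added example, not the gist author's code: it polls IAM until the upload is visible, refuses to delete anything until the listener reports the new ARN, and keeps the certificate that was attached before the swap as a rollback candidate. It assumes the same classic-ELB and `jq` setup as the gist; the `DOMAIN`, `ELB_NAME` and `ELB_PORT` environment variables, the `run` argument, and the function names are this example's own, and `RENEWED_LINEAGE` is the directory certbot exports to renew hooks (falling back to the gist's fixed path).

```shell
#!/bin/bash
# Hardened renew hook (added example, not the gist's script).
# Assumes: aws CLI and jq on PATH, a classic ELB, and IAM permissions for
# upload/get/list/delete-server-certificate and the two elb calls below.
set -eu

_domain="${DOMAIN:-example.com}"
_elb_name="${ELB_NAME:-ELB_NAME_HERE}"   # placeholder, set ELB_NAME
_elb_port="${ELB_PORT:-443}"
_cert_path="/${_domain}/"

# Retry a command until it succeeds or the attempt budget is spent.
# Usage: retry <max_attempts> <delay_seconds> <command...>
retry() {
  local max="$1" delay="$2"; shift 2
  local n=1
  while ! "$@"; do
    if [ "$n" -ge "$max" ]; then
      return 1
    fi
    n=$((n + 1))
    sleep "$delay"
  done
}

# Print the names from $3 (newline separated) that are neither the freshly
# uploaded certificate ($1) nor the one that was live before the swap ($2).
# Pure function, so the deletion decision can be tested without AWS access.
stale_certs() {
  local keep_new="$1" keep_live="$2" names="$3"
  printf '%s\n' "$names" | while IFS= read -r name; do
    case "$name" in
      ''|"$keep_new"|"$keep_live") ;;   # skip blanks and the two we keep
      *) printf '%s\n' "$name" ;;
    esac
  done
}

# Succeeds once IAM can see the certificate (upload is eventually consistent).
cert_visible() {
  aws iam get-server-certificate --server-certificate-name "$1" >/dev/null 2>&1
}

# ARN currently attached to the HTTPS listener of the classic ELB.
listener_cert_arn() {
  aws elb describe-load-balancers --load-balancer-names "$_elb_name" \
    | jq -r --argjson port "$_elb_port" \
        '.LoadBalancerDescriptions[0].ListenerDescriptions[]
         | select(.Listener.LoadBalancerPort == $port)
         | .Listener.SSLCertificateId'
}

main() {
  local stamp cert_name cert_arn live_arn live_name old
  stamp=$(date +%Y%m%d-%H%M%S)
  cert_name="${_domain}-${stamp}"
  # certbot exports RENEWED_LINEAGE to renew hooks; fall back to the gist's path.
  cd "${RENEWED_LINEAGE:-/etc/letsencrypt/live/${_domain}}"

  # Remember what is live now: it is kept as the rollback certificate.
  live_arn=$(listener_cert_arn)
  live_name="${live_arn##*/}"

  aws iam upload-server-certificate \
    --server-certificate-name "$cert_name" \
    --certificate-body file://cert.pem \
    --private-key file://privkey.pem \
    --certificate-chain file://chain.pem \
    --path "$_cert_path" >/dev/null

  # Poll instead of a fixed sleep: propagation time varies.
  retry 12 10 cert_visible "$cert_name"
  cert_arn=$(aws iam get-server-certificate --server-certificate-name "$cert_name" \
    | jq -r '.ServerCertificate.ServerCertificateMetadata.Arn')

  aws elb set-load-balancer-listener-ssl-certificate \
    --load-balancer-name "$_elb_name" \
    --load-balancer-port "$_elb_port" \
    --ssl-certificate-id "$cert_arn"

  # Delete nothing until the listener really reports the new ARN.
  if [ "$(listener_cert_arn)" != "$cert_arn" ]; then
    echo "listener still uses $(listener_cert_arn); keeping all certificates" >&2
    exit 1
  fi

  old=$(aws iam list-server-certificates --path-prefix "$_cert_path" \
    | jq -r '.ServerCertificateMetadataList[].ServerCertificateName')
  stale_certs "$cert_name" "$live_name" "$old" | while IFS= read -r name; do
    aws iam delete-server-certificate --server-certificate-name "$name"
  done
}

# Only touch AWS when explicitly asked ("upload-cert.sh run"), so the
# functions above can be sourced or tested without credentials.
if [ "${1:-}" = "run" ]; then
  main
fi
```

Install it as `--renew-hook '/root/bin/upload-cert.sh run'`. Keeping the previously live certificate means one extra object sits in IAM between renewals, but it lets an operator put the old certificate back with a single `set-load-balancer-listener-ssl-certificate` call if the new one turns out to be wrong; the cleanup loop catches up on the following run.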