- https://nparry.com/2015/11/14/letsencrypt-cloudfront-s3.html
- https://letsencrypt.readthedocs.org/en/latest/using.html#letsencrypt-auto
- http://marketing.intracto.com/renew-https-certificate-on-amazon-cloudfront
- https://www.paulwakeford.info/2015/11/24/letsencrypt/
- https://keyes.ie/aws-upload-letsencrypt-certificate/#comment-2445607246
SUBDOMAIN="www.example.com"
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly -a manual --rsa-key-size 2048 -d $SUBDOMAIN
cd letsencrypt
SUBDOMAIN="www.example.com"
BUCKET="example-bucket-name"
SHORT_KEY="o41bDh1oD6xAoDhL4r3qw6gaFkPV2GY4tw-Pg_xxxxx"
LONG_KEY="o41bDh1oD6xAoDhL4r3qw6gaFkPV2GY4tw-Pg_ShEvM.4mWtK4TUCXpLj8efrHkV_ATTkf4iRxNx0rsw5xxxxxx"
printf "%s" $LONG_KEY > .well-known/acme-challenge/$SHORT_KEY
aws s3 cp .well-known/acme-challenge/$SHORT_KEY s3://$BUCKET/.well-known/acme-challenge/$SHORT_KEY --content-type text/plain
Check that upload works: curl -D - http://$SUBDOMAIN/.well-known/acme-challenge/$SHORT_KEY
- Finish the client app steps
sudo aws iam upload-server-certificate \
--server-certificate-name $SUBDOMAIN \
--certificate-body file:///etc/letsencrypt/live/$SUBDOMAIN/cert.pem \
--private-key file:///etc/letsencrypt/live/$SUBDOMAIN/privkey.pem \
--certificate-chain file:///etc/letsencrypt/live/$SUBDOMAIN/chain.pem \
--path /cloudfront/