Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver. Certbot was developed by EFF and others as a client for Let's Encrypt and was previously known as "the official Let’s Encrypt client" or "the Let’s Encrypt Python client." Certbot also works with any other CA that supports the ACME protocol.
This certbot docker image is inspired by pslobo/dockerized-certbot and pierreprinetti/certbot.
The installation of certbot and the route53 plugin comes from pslobo, the script that creates the certificates from pierreprinetti.
Adapt the following files to your setup:
- Dockerfile
- docker-build.sh
- star.mfg.otaya.letsencrypt.update.sh
Build the image and create a volume that will hold the certificates:
./docker-build.sh
docker volume create --name nginx-certs
Create an IAM user for the DNS challenge. The policy below is sufficient: listing hosted zones and polling change status on any resource, and record changes only in the one hosted zone the certificates are for. Keep in mind that anyone holding this user's access key can alter DNS records in that zone, and therefore obtain certificates for any name in it, so treat the key like any other production secret.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:GetChange"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets"
      ],
      "Resource": [
        "arn:aws:route53:::hostedzone/YOUR-HOSTED-ZONE-ID"
      ]
    }
  ]
}
Create the file aws-env with the IAM user's access key id and secret access key (restrict its permissions, e.g. chmod 600, since it holds credentials):
AWS_ACCESS_KEY_ID="....."
AWS_SECRET_ACCESS_KEY="......"
And an env file with the email address and the domains to request certificates for:
DOMAINS="...."
EMAIL="..."
Run the update script:
star.mfg.otaya.letsencrypt.update.sh
Now watch the bot do the work :)
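For readers who want to see what such an update script does end to end, here is an added example wrapper (written for this page, not the repository's own star.mfg.otaya.letsencrypt.update.sh). It assumes the image built by docker-build.sh is tagged certbot-route53 and has certbot as its entrypoint, that aws-env and env sit in the current directory in the format shown above, and that the nginx-certs volume is mounted at /etc/letsencrypt. The image tag and the file names are assumptions; the certbot flags (certonly, --dns-route53, -d, --email, --agree-tos, --non-interactive, --dry-run) are real certbot options.

```shell
#!/bin/sh
# Added example, not the project's script. Assumed: image tag "certbot-route53"
# (entrypoint: certbot), files ./aws-env and ./env as described on this page,
# docker volume "nginx-certs" for /etc/letsencrypt.
set -eu

IMAGE="${IMAGE:-certbot-route53}"   # assumed tag produced by docker-build.sh
VOLUME="${VOLUME:-nginx-certs}"     # the volume created above

# Turn a comma- or space-separated DOMAINS value into repeated "-d" flags,
# which is how certbot takes several names. Prints the flags on one line.
domain_args() {
    set -f                                # wildcards like *.example.com must not glob
    _out=""
    for _d in $(printf '%s' "$1" | tr ',' ' '); do
        _out="$_out -d $_d"
    done
    printf '%s' "${_out# }"
}

# Verify that FILE defines every variable named after it with a non-empty
# value; on failure list the missing names on stderr and return 1.
# Usage: check_env FILE VAR...
check_env() {
    _file=$1; shift
    _missing=""
    for _v in "$@"; do
        grep -Eq "^${_v}=." "$_file" || _missing="$_missing $_v"
    done
    if [ -n "$_missing" ]; then
        echo "missing in $_file:$_missing" >&2
        return 1
    fi
}

# Request (or renew) the certificate inside the container. The env files are
# sourced as shell rather than handed to docker --env-file, because --env-file
# keeps the surrounding double quotes as part of the value. Passing -e NAME
# without "=value" copies the variable from our environment, so the secret key
# never shows up in the host's process list.
run_certbot() {
    # shellcheck disable=SC1091
    . ./aws-env
    . ./env
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    set -f
    # shellcheck disable=SC2046
    docker run --rm \
        -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY \
        -v "$VOLUME:/etc/letsencrypt" \
        "$IMAGE" certonly --dns-route53 --non-interactive --agree-tos \
        --email "$EMAIL" $(domain_args "$DOMAINS") "$@"
    set +f
}

# Entry point: ./update.sh run [extra certbot flags, e.g. --dry-run]
if [ "${1:-}" = "run" ]; then
    shift
    check_env aws-env AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    check_env env DOMAINS EMAIL
    run_certbot "$@"
fi
```

Run it once with `run --dry-run` against the Let's Encrypt staging environment before requesting a real certificate; a DNS challenge that fails because of a missing Route53 permission shows up there without burning rate limits. The certificates land in the nginx-certs volume under /etc/letsencrypt/live/, which is what the nginx container should mount.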
Ports exposed by the image:
- 80
- 443
Volume used by the image:
- /etc/letsencrypt