This shell script helps create Let's Encrypt certificates for AWS Route53. It uses Certbot to automate certificate requests, and the AWS CLI to automate DNS challenge record creation.
- Install Certbot and the AWS CLI. You can use Homebrew (`brew install awscli certbot`) or pip (`pip install boto3 certbot`).
- Configure the AWS CLI. Your account must have permission to list and update Route53 records.
- Download the certbot-route53.sh script.

  ```sh
  mkdir my-certificates
  cd my-certificates
  curl -sL https://git.io/vylLx -o certbot-route53.sh
  chmod a+x certbot-route53.sh
  ```

- Run the script with your (comma-separated) domain(s) and email address:

  ```sh
  sh certbot-route53.sh \
    --agree-tos \
    --manual-public-ip-logging-ok \
    --domains jed.is,www.jed.is \
    --email $(git config user.email)
  ```

- Wait patiently (usually about two minutes) while, for each domain requested:
  - Certbot asks Let's Encrypt for a DNS validation challenge string,
  - the AWS CLI asks Route53 to create a domain TXT record with the challenge value,
  - Let's Encrypt validates the TXT record and returns a certificate, and finally
  - the AWS CLI asks Route53 to delete the TXT record.
- Find your new certificate(s) in the `letsencrypt/live` directory.
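The per-domain sequence above (challenge string, TXT record, validation, record removal) written as Certbot `--manual` hooks. This is an added example, not the certbot-route53.sh script itself; it assumes a configured `aws` CLI, the hypothetical file name `route53-hook.sh`, and an IAM identity limited to the three Route53 actions named in the comments.

```shell
#!/bin/sh
# Added example (not certbot-route53.sh): the TXT record dance as Certbot
# --manual hooks. Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to
# each hook. Assumed file name route53-hook.sh, invoked as:
#   certbot certonly --manual --preferred-challenges dns \
#     --manual-auth-hook "./route53-hook.sh auth" \
#     --manual-cleanup-hook "./route53-hook.sh cleanup" -d jed.is -d www.jed.is
# Least-privilege IAM: route53:ListHostedZonesByName,
# route53:ChangeResourceRecordSets and route53:GetChange (for the wait).

# Build the Route53 change batch for the _acme-challenge TXT record.
# $1 = UPSERT|DELETE, $2 = domain, $3 = validation token.
# Route53 requires TXT values to be wrapped in literal double quotes.
route53_change_batch() {
  printf '{"Comment":"ACME DNS-01 for %s","Changes":[{"Action":"%s","ResourceRecordSet":{"Name":"_acme-challenge.%s.","Type":"TXT","TTL":60,"ResourceRecords":[{"Value":"\\"%s\\""}]}}]}' \
    "$2" "$1" "$2" "$3"
}

# Find the hosted zone authoritative for a name: try the name itself, then
# strip one leading label at a time (www.jed.is -> jed.is). Needs live AWS.
hosted_zone_id() {
  name=$1
  while [ -n "$name" ]; do
    id=$(aws route53 list-hosted-zones-by-name --dns-name "$name." --max-items 1 \
           --query "HostedZones[?Name=='$name.'].Id" --output text)
    if [ -n "$id" ] && [ "$id" != "None" ]; then
      printf '%s\n' "${id##*/}"   # "/hostedzone/Z123" -> "Z123"
      return 0
    fi
    case $name in *.*) name=${name#*.} ;; *) break ;; esac
  done
  return 1
}

# Apply one change and block until Route53 reports it INSYNC (visible on every
# authoritative server), so Let's Encrypt does not query a stale answer.
apply_change() {
  zone=$(hosted_zone_id "$CERTBOT_DOMAIN") ||
    { echo "no hosted zone for $CERTBOT_DOMAIN" >&2; exit 1; }
  change_id=$(aws route53 change-resource-record-sets --hosted-zone-id "$zone" \
      --change-batch "$(route53_change_batch "$1" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION")" \
      --query ChangeInfo.Id --output text)
  aws route53 wait resource-record-sets-changed --id "$change_id"
}

# Certbot runs "auth" before validation and "cleanup" after it, pass or fail.
case ${1:-} in
  auth)    apply_change UPSERT ;;
  cleanup) apply_change DELETE ;;
esac
```

Because the same function builds the UPSERT and DELETE batches, the cleanup hook always matches the record it created exactly (name, type, TTL and value), which is what Route53 requires for a DELETE to succeed.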