/certbot-route53

Let's Encrypt authenticator for route53

Primary LanguagePythonApache License 2.0Apache-2.0

Route53 plugin for Let's Encrypt client

Before you start

It's expected that the root hosted zone for the domain in question already exists in your account.

Setup

  1. Create a virtual environment

  2. Make sure you have libssl-dev (or your regional equivalent) installed. pycparser suffers from eliben/pycparser#148, which is why we need to recompile it, which depends on libssl-dev.

  3. Install by adding these to your requirements.txt file:

--no-binary pycparser
-e git+https://github.com/certbot/certbot.git#egg=certbot
-e git+https://github.com/certbot/certbot.git#egg=acme&subdirectory=acme
certbot-route53

We need DNS01 support in certbot, which is only available in master for now.

How to use it

Make sure you have access to AWS's Route53 service, either through IAM roles or via .aws/credentials.

To generate a certificate:

certbot certonly \
  -n --agree-tos --email DEVOPS@COMPANY.COM \
  -a certbot-route53:auth \
  -d MY.DOMAIN.NAME