NOTE: If you're already using Route53, you're propbably better off using AWS Certificate Manager, which was released after this script.
This shell script helps create Let's Encrypt certificates for AWS Route53. It uses Certbot to automate certificate requests, and the AWS CLI to automate DNS challenge record creation.
-
Install Certbot and the AWS CLI. You can use Homebrew (
brew install awscli certbot
) or pip (pip install awscli certbot
). -
Configure the AWS CLI. Your account must have permission to list and update Route53 records.
-
Download the certbot-route53.sh script.
mkdir my-certificates cd my-certificates curl -sL https://git.io/vylLx -o certbot-route53.sh chmod a+x certbot-route53.sh
-
Run the script with your (comma-separated) domain(s) and email address:
sh certbot-route53.sh \ --agree-tos \ --manual-public-ip-logging-ok \ --domains jed.is,www.jed.is \ --email $(git config user.email)
-
Wait patiently (usually about two minutes) while, for each domain requested:
- Certbot asks Let's Encrypt for a DNS validation challenge string,
- AWS CLI asks Route53 to create a domain TXT record with the challenge value,
- Let's Encrypt validates the TXT record and returns a certificate, and finally
- AWS CLI asks Route53 to delete the TXT record.
-
Find your new certificate(s) in the
letsencrypt/live
directory.