cwedgwood/certbot-aws

EFF's Certbot packaged with support for Amazon Route53. Obtain from https://hub.docker.com/r/cwedgwood/certbot-aws/.

This container is useful for obtaining certificates using DNS-01 (for example to get wildcard certificates) and also for renewal, without having to install certbot (and its numerous dependencies).

To obtain a certificate

Certificates can be obtained using the certonly command, listing each domain after a -d option, for example:

docker run --rm -ti \
        -e AWS_ACCESS_KEY_ID=xxx -e AWS_SECRET_ACCESS_KEY=yyy \
        -v /etc/letsencrypt:/etc/letsencrypt \
        -v /var/log/letsencrypt:/var/log/letsencrypt \
        cwedgwood/certbot-aws certonly \
            --installer none --authenticator dns-route53 --non-interactive \
            -d 'example.org' \
            --agree-tos -m [email protected]

It is important to persist /etc/letsencrypt from inside the container - it contains the files you want to make use of, such as your certificates and private keys. It is also a good idea to persist /var/log/letsencrypt; those files contain useful information when things go wrong.

To renew

To renew certificates:

docker run --rm -ti \
    -e AWS_ACCESS_KEY_ID=xxx -e AWS_SECRET_ACCESS_KEY=yyy \
    -v /etc/letsencrypt:/etc/letsencrypt \
    -v /var/log/letsencrypt:/var/log/letsencrypt \
    cwedgwood/certbot-aws renew

When running it from cron you probably want to suppress output by adding -q:

docker run --rm -ti \
    -e AWS_ACCESS_KEY_ID=xxx -e AWS_SECRET_ACCESS_KEY=yyy \
    -v /etc/letsencrypt:/etc/letsencrypt \
    -v /var/log/letsencrypt:/var/log/letsencrypt \
    cwedgwood/certbot-aws renew -q

Alternatively

Consider using the aws/boto credential file (typically ~/.aws/credentials) with optional AWS_PROFILE:

docker run --rm -ti \
    -v /etc/letsencrypt:/etc/letsencrypt \
    -v $HOME/.aws/credentials:/root/.aws/credentials \
    -v /var/log/letsencrypt:/var/log/letsencrypt \
    -e AWS_PROFILE=certbot \
    cwedgwood/certbot-aws renew -q
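The cron renewal and the credential-file variant above, combined into one wrapper as an added example (not part of the cwedgwood/certbot-aws project): it mounts the credentials read-only, refuses a credentials file that other users can read, and drops -t when no terminal is attached, because docker run -t from cron fails with "the input device is not a TTY". Assumed: docker is on PATH, a profile named "certbot" exists in $HOME/.aws/credentials, and the paths involved contain no whitespace.

```shell
#!/bin/sh
# Added example, not part of the cwedgwood/certbot-aws project: a cron-safe
# wrapper around the README's "renew" invocation.  Assumed: docker is on
# PATH, a profile named "certbot" exists in $HOME/.aws/credentials, and the
# paths below contain no whitespace (the docker argv is built by word-splitting).

IMAGE="${CERTBOT_AWS_IMAGE:-cwedgwood/certbot-aws}"
CRED_FILE="${CERTBOT_AWS_CREDS:-${HOME:-/root}/.aws/credentials}"

# Refuse to hand an over-shared key to the container: the Route53 credential can
# rewrite DNS for the whole zone, so it should be readable only by its owner.
check_creds() {
    f="$1"
    [ -r "$f" ] || { echo "credentials file $f is not readable" >&2; return 1; }
    if [ -n "$(find "$f" -perm -040 -o -perm -004 2>/dev/null)" ]; then
        echo "credentials file $f is group/world readable; chmod 600 it" >&2
        return 1
    fi
}

# Print the "docker run" arguments one per line.  $1 is "yes" when a terminal
# is attached and "no" when called from cron, which has no TTY: "docker run -t"
# without one fails with "the input device is not a TTY".
renew_args() {
    if [ "$1" = yes ]; then echo "-ti"; else echo "-i"; fi
    echo "--rm"
    echo "-v"; echo "/etc/letsencrypt:/etc/letsencrypt"
    echo "-v"; echo "/var/log/letsencrypt:/var/log/letsencrypt"
    echo "-v"; echo "$CRED_FILE:/root/.aws/credentials:ro"   # read-only mount
    echo "-e"; echo "AWS_PROFILE=${AWS_PROFILE:-certbot}"
    echo "$IMAGE"; echo "renew"
    # quiet only when unattended, so cron mails nothing on a successful run
    [ "$1" = yes ] || echo "-q"
}

certbot_aws_renew() {
    check_creds "$CRED_FILE" || return 1
    if [ -t 0 ]; then tty=yes; else tty=no; fi
    # shellcheck disable=SC2046  -- intentional word splitting, see assumptions
    docker run $(renew_args "$tty")
}

# Run only when explicitly asked, e.g. from crontab:
#   17 3 * * * /usr/local/sbin/certbot-aws-renew.sh --run
if [ "${1:-}" = "--run" ]; then
    certbot_aws_renew
fi
```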

Testing AWS/route53 access is working

In some cases it is not clear whether access to AWS/route53 is working. Test the boto library by running:

docker run --rm -ti \
    -e AWS_ACCESS_KEY_ID=xxx -e AWS_SECRET_ACCESS_KEY=yyy \
    -v /etc/letsencrypt:/etc/letsencrypt \
    -v /var/log/letsencrypt:/var/log/letsencrypt \
    --entrypoint=/bin/sh \
    cwedgwood/certbot-aws -c "aws route53 list-hosted-zones"

About

EFF's Certbot with AWS/route53 support