
Certbot with Route53 for non public sites

How to renew a password-protected site's Let's Encrypt SSL certificate via certbot

By default, certbot renews Let's Encrypt SSL certificates with the HTTP challenge: it places a challenge file on the web server, which Let's Encrypt must be able to fetch over plain HTTP. That does not work for a site that is password protected or not reachable from the public internet.

Let's Encrypt also supports placing the challenge in DNS (the DNS challenge), and the certbot-route53 plugin implements this when your domain is managed through AWS Route53.
You can use it for just one of your domains/FQDNs; certbot stores the choice in that certificate's renewal configuration and reuses it the next time it auto-renews the domain.

To make this happen, follow the instructions on the plugin page to set up the AWS credentials. Remember that the hook script calls the aws CLI with its default profile, so these must be the default credentials for your aws CLI.

Make sure the environment that runs certbot has the aws command on its PATH and can find the credentials. In my case, since the crontab command is run by root, that means exporting the following:

export PATH="$HOME/bin":/mnt/opt/nicola/aws/bin:$PATH
export AWS_CONFIG_FILE=/home/nicola/.aws/config
export AWS_SHARED_CREDENTIALS_FILE=/home/nicola/.aws/credentials
The command you need to run is:

certbot certonly --manual \
    --preferred-challenges dns \
    --manual-auth-hook certbot-route53.sh \
    --manual-cleanup-hook certbot-route53.sh \
    -d <FQDN>

(--manual selects certbot's manual authenticator, which is what the hooks attach to; the flag is spelled --preferred-challenges, plural. certbot-route53.sh is given without a path here, so it must live in a directory on the PATH exported above.)
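As an added example (not part of the original post, and not the plugin's own code), the following wrapper script for the root crontab ties the steps above together: it exports the environment from the post, refuses to run if the shared credentials file is readable by anyone other than its owner, checks that the aws CLI and the hook script are on the PATH and that the keys actually resolve, and only then runs certbot with the DNS challenge. The paths are the post's own values and are assumptions about the host layout; the permission check, the hostname guard and the exit codes are my additions.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper for certbot +
# certbot-route53.sh. Paths below are the post's values (assumed host layout).
set -eu

export PATH="${HOME:-/root}/bin:/mnt/opt/nicola/aws/bin:$PATH"
export AWS_CONFIG_FILE=/home/nicola/.aws/config
export AWS_SHARED_CREDENTIALS_FILE=/home/nicola/.aws/credentials

# Returns 0 if the file exists and is readable by its owner only (mode 600
# or 400); a group- or world-readable credentials file is refused.
credentials_mode_ok() {
    f=$1
    [ -f "$f" ] || return 1
    # GNU stat first, BSD/macOS stat as a fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Returns 0 if the argument looks like a hostname certbot can accept.
# Rejects empty strings, leading dashes and stray characters so a bad
# crontab edit cannot turn the hostname into extra certbot options.
valid_fqdn() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Issue or renew one certificate via the DNS challenge and the Route53 hooks.
# --manual selects the manual authenticator; --preferred-challenges dns asks
# for DNS-01, so no HTTP path on the password-protected site is needed.
renew_via_route53() {
    fqdn=$1
    valid_fqdn "$fqdn" || { echo "bad FQDN: $fqdn" >&2; return 2; }
    credentials_mode_ok "$AWS_SHARED_CREDENTIALS_FILE" \
        || { echo "refusing: $AWS_SHARED_CREDENTIALS_FILE must be mode 600" >&2; return 3; }
    command -v aws >/dev/null 2>&1 \
        || { echo "aws CLI not on PATH" >&2; return 4; }
    command -v certbot-route53.sh >/dev/null 2>&1 \
        || { echo "certbot-route53.sh not on PATH" >&2; return 4; }
    # Fail early if the keys do not resolve; no Route53 change is made yet.
    aws sts get-caller-identity >/dev/null
    certbot certonly --manual \
        --preferred-challenges dns \
        --manual-auth-hook certbot-route53.sh \
        --manual-cleanup-hook certbot-route53.sh \
        -d "$fqdn"
}

# Only act when a hostname is passed, so the functions above can be
# sourced and checked without touching certbot or AWS.
if [ "${1:-}" != "" ]; then
    renew_via_route53 "$1"
fi
```

Call it from the root crontab as `renew-route53.sh intranet.example.com` (hostname assumed). The keys this job uses only need to change records in the relevant hosted zone, so give the cron job a scoped IAM user rather than an administrator's access key, and keep the credentials file at mode 600 as the check above enforces.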