- Ensure your domain is already managed by route53
- Ensure you have IAM with the policy, described in examples/sample-aws-policy.json.
- Note that it requires less privileges than the original dns-route53 plugin.
- Prepare correspondences the hosted zone ids and domains which you want to obtain certificates.
-
Create a virtual environment
-
Update its pip and setuptools (
VENV/bin/pip install -U setuptools pip) to avoid problems with cryptography's dependency on setuptools>=11.3. -
Make sure you have libssl-dev and libffi (or your regional equivalents) installed. You might have to set compiler flags to pick things up (I have to use
CPPFLAGS=-I/usr/local/opt/openssl/include LDFLAGS=-L/usr/local/opt/openssl/libon my macOS to pick up brew's openssl, for example). -
Install this package.
Make sure you have access to AWS's Route53 service, either through IAM roles or
via .aws/credentials. Check out
sample-aws-policy.json for the necessary permissions.
To generate a certificate:
certbot certonly \
-n --agree-tos --email [email protected] \
--authenticator 'dns-route53-less' \
--dns-route53-less-zone-ids 'example.com=(hosted zone id),example.org=(hosted zone id)'
-d 'example.com' -d '*.example.com' \
-d 'example.org' -d '*.example.org'