# Set up Certbot with Route 53 on Ubuntu 20.04

#### Ensure that you have the latest version of snapd

```
sudo snap install core; sudo snap refresh core
```

#### Remove certbot-auto and any Certbot OS packages

```
sudo apt-get remove certbot
```

#### Install Certbot

```
sudo snap install --classic certbot
```

#### Prepare the Certbot command

```
sudo ln -s /snap/bin/certbot /usr/bin/certbot
```

#### Confirm plugin containment level

```
sudo snap set certbot trust-plugin-with-root=ok
```

#### Install correct DNS plugin

```
sudo snap install certbot-dns-route53
```

{% hint style="info" %}
Find your DNS plugin: <https://certbot.eff.org/docs/using.html#dns-plugins>
{% endhint %}

#### Set up credentials

{% code title="CertbotDnsRoute53Policy" %}

```
{
    "Version": "2012-10-17",
    "Id": "certbot-dns-route53 sample policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetChange"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect" : "Allow",
            "Action" : [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource" : [
                "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID"
            ]
        }
    ]
}
```

{% endcode %}

{% hint style="info" %}
Replace `YOURHOSTEDZONEID` with your `hosted-zone-id`
{% endhint %}
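
To check a policy before attaching it, the script below is an added example, not part of the original page or of Certbot. It flags any `Allow` statement that grants `route53:ChangeResourceRecordSets` (directly or through a wildcard action) on anything other than one specific hosted zone, or that still contains the `YOURHOSTEDZONEID` placeholder. The function names and the zone ID `Z0000000EXAMPLE` are constructed for illustration.

```python
import fnmatch
import json

WRITE_ACTION = "route53:ChangeResourceRecordSets"
PLACEHOLDER = "YOURHOSTEDZONEID"
ZONE_ARN_PREFIX = "arn:aws:route53:::hostedzone/"


def as_list(value):
    """IAM accepts a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def lint_policy(policy_json):
    """Return findings for Allow statements that grant the Route 53 write action."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action matching is case-insensitive and allows * and ? wildcards,
        # so "route53:*" grants the write action too.
        actions = as_list(stmt.get("Action", []))
        if not any(fnmatch.fnmatchcase(WRITE_ACTION.lower(), a.lower()) for a in actions):
            continue
        for res in as_list(stmt.get("Resource", [])):
            zone = res[len(ZONE_ARN_PREFIX):] if res.startswith(ZONE_ARN_PREFIX) else ""
            if not zone or "*" in zone or "?" in zone:
                findings.append(f"statement {i}: write access not limited to one hosted zone: {res}")
            elif zone == PLACEHOLDER:
                findings.append(f"statement {i}: placeholder {PLACEHOLDER} not replaced")
    return findings


def sample_policy(write_actions, write_resource):
    """Build a policy shaped like the one above (constructed sample input)."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["route53:ListHostedZones", "route53:GetChange"],
         "Resource": ["*"]},
        {"Effect": "Allow", "Action": write_actions, "Resource": [write_resource]},
    ]})


if __name__ == "__main__":
    # Z0000000EXAMPLE is a constructed zone ID, not a real one.
    for res in ("arn:aws:route53:::hostedzone/Z0000000EXAMPLE",
                "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID", "*"):
        print(res, "->", lint_policy(sample_policy([WRITE_ACTION], res)) or "ok")
```

The read-only statement on `"*"` is not flagged, because only statements that can change records are checked.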

![](https://3346773804-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB9_-JlsKGrVkwNqqpR%2F-MVB_ny2SSDu3f8Ilmua%2F-MVBeM_kiza3VAR51J_J%2Fconsole.aws.amazon.com_iam_home%20\(1\).png?alt=media\&token=27247dad-4c73-4529-81d5-4a712d725337)

![](https://3346773804-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB9_-JlsKGrVkwNqqpR%2F-MVB_ny2SSDu3f8Ilmua%2F-MVBdhh5Ahln_ekTDOyR%2Fconsole.aws.amazon.com_route53_v2_hostedzones.png?alt=media\&token=ab06726c-c369-49d9-bf60-51bc42b1d5ce)

#### Link the policy to an IAM role and attach the role to your EC2 instance

![](https://3346773804-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MB9_-JlsKGrVkwNqqpR%2F-MVB_ny2SSDu3f8Ilmua%2F-MVBg1QLlLaDUkztxBTt%2Fconsole.aws.amazon.com_iam_home_region%3Dap-northeast-1.png?alt=media\&token=9f5e6d55-d0cd-44d0-83ee-ec35ed330fb5)

#### Get a certificate

```
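# Run as root so Certbot can write to /etc/letsencrypt.
# Quote the wildcard name so the shell does not expand it as a glob.
sudo certbot certonly \
  --dns-route53 \
  -d codetorich.com \
  -d '*.codetorich.com'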
```

{% hint style="info" %}
Your certificate files will be placed in `/etc/letsencrypt/live`
{% endhint %}

{% embed url="<https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx>" %}

{% embed url="<https://certbot-dns-route53.readthedocs.io/en/stable/>" %}
