Setup Certbot with route53 on Ubuntu 20.04

Ensure that you have the latest version of snapd

sudo snap install core; sudo snap refresh core

Remove certbot-auto and any Certbot OS packages

sudo apt-get remove certbot

Install Certbot

sudo snap install --classic certbot

Prepare the Certbot command

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Confirm plugin containment level

sudo snap set certbot trust-plugin-with-root=ok

Install correct DNS plugin

sudo snap install certbot-dns-route53

Set up credentials

IAM policy CertbotDnsRoute53Policy:
{
    "Version": "2012-10-17",
    "Id": "certbot-dns-route53 sample policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetChange"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect" : "Allow",
            "Action" : [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource" : [
                "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID"
            ]
        }
    ]
}

Replace YOURHOSTEDZONEID with the ID of your Route 53 hosted zone.
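
The check below is an added example, not part of the original guide. It lints the policy JSON before you attach it, flagging an unreplaced YOURHOSTEDZONEID placeholder, a ChangeResourceRecordSets grant that is not limited to one hosted zone, and any action beyond the three used above. The function names, the sample zone ID Z0EXAMPLE123 and the zone-ID pattern are assumptions made for illustration.

```python
import json
import re

# Actions the policy above grants; anything else is reported as unexpected.
EXPECTED_ACTIONS = {
    "route53:ListHostedZones",
    "route53:GetChange",
    "route53:ChangeResourceRecordSets",
}
# Assumption: a hosted zone ID is uppercase letters and digits (e.g. Z0EXAMPLE123).
ZONE_ARN = re.compile(r"^arn:aws:route53:::hostedzone/[A-Z0-9]+$")


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def lint_policy(policy_text):
    """Return a list of findings; an empty list means the policy is scoped as intended."""
    findings = []
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        for action in actions:
            if action not in EXPECTED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        if "route53:ChangeResourceRecordSets" in actions:
            for res in as_list(stmt.get("Resource", [])):
                # The placeholder also matches ZONE_ARN, so test for it first.
                if "YOURHOSTEDZONEID" in res:
                    findings.append(f"statement {i}: placeholder zone ID not replaced")
                elif not ZONE_ARN.match(res):
                    findings.append(f"statement {i}: record changes not limited to one zone: {res}")
    return findings


def sample_policy(change_resource):
    """Constructed sample: the policy above with a chosen Resource for record changes."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["route53:ListHostedZones", "route53:GetChange"],
         "Resource": ["*"]},
        {"Effect": "Allow", "Action": ["route53:ChangeResourceRecordSets"],
         "Resource": [change_resource]}]})


if __name__ == "__main__":
    for res in ("arn:aws:route53:::hostedzone/Z0EXAMPLE123",
                "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID", "*"):
        print(res, "->", lint_policy(sample_policy(res)) or "ok")
```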

Get a certificate

# Quote the wildcard name so the shell does not expand it as a glob
certbot certonly \
  --dns-route53 \
  -d codetorich.com \
  -d '*.codetorich.com'

Your certificate files will be placed under /etc/letsencrypt/live
