> For the complete documentation index, see [llms.txt](https://saveyourtime.gitbook.io/saveyourtime/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://saveyourtime.gitbook.io/saveyourtime/backend/setup-certbot-with-route53-on-ubuntu-20.04.md).

# Setup Certbot with route53 on Ubuntu 20.04

#### Ensure that you have the latest version of snapd

```
sudo snap install core; sudo snap refresh core
```

#### Remove certbot-auto and any Certbot OS packages

```
sudo apt-get remove certbot
```

#### Install Certbot

```
sudo snap install --classic certbot
```

#### Prepare the Certbot command

```
sudo ln -s /snap/bin/certbot /usr/bin/certbot
```

#### Confirm plugin containment level

```
sudo snap set certbot trust-plugin-with-root=ok
```

#### Install correct DNS plugin

```
sudo snap install certbot-dns-route53
```

{% hint style="info" %}
Find your DNS plugin: <https://certbot.eff.org/docs/using.html#dns-plugins>
{% endhint %}

#### Set up credentials

{% code title="CertbotDnsRoute53Policy" %}

```
{
    "Version": "2012-10-17",
    "Id": "certbot-dns-route53 sample policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetChange"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect" : "Allow",
            "Action" : [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource" : [
                "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID"
            ]
        }
    ]
}
```

{% endcode %}

{% hint style="info" %}
Replace `YOURHOSTEDZONEID` with your `hosted-zone-id`
{% endhint %}

![](/files/-MVBeM_kiza3VAR51J_J)

![](/files/-MVBdhh5Ahln_ekTDOyR)

#### Link Policy to IAM Role and Attach Role to your EC2

![](/files/-MVBg1QLlLaDUkztxBTt)

#### Get a certificate

```
certbot certonly \
  --dns-route53 \
  -d codetorich.com \
  -d *.codetorich.com
```

{% hint style="info" %}
Your certificate file would be placed to `/etc/letsencrypt/live`
{% endhint %}

{% embed url="<https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx>" %}

{% embed url="<https://certbot-dns-route53.readthedocs.io/en/stable/>" %}
