Created
July 22, 2018 05:43
-
-
Save chrisenytc/16f2cbd8bfcd6d649d5f3b332684ce84 to your computer and use it in GitHub Desktop.
Creating wildcard ssl with certbot on AWS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Set environment variables | |
| export AWS_IAM_ROLE=$(curl "http://169.254.169.254/latest/meta-data/iam/security-credentials/" 2>/dev/null) | |
| if [ "${AWS_IAM_ROLE}" ]; then | |
| export AWS_ACCESS_KEY_ID=$(curl "http://169.254.169.254/latest/meta-data/iam/security-credentials/${AWS_IAM_ROLE}" 2>/dev/null | jq -r .AccessKeyId) | |
| export AWS_SECRET_ACCESS_KEY=$(curl "http://169.254.169.254/latest/meta-data/iam/security-credentials/${AWS_IAM_ROLE}" 2>/dev/null | jq -r .SecretAccessKey) | |
| export AWS_SECURITY_TOKEN=$(curl "http://169.254.169.254/latest/meta-data/iam/security-credentials/${AWS_IAM_ROLE}" 2>/dev/null | jq -r .Token) | |
| fi | |
| echo "[default]" > ~/.aws/config | |
| echo "region=us-east-1" >> ~/.aws/config | |
| echo "output=json" >> ~/.aws/config | |
| echo "aws_access_key_id=${AWS_ACCESS_KEY_ID}" >> ~/.aws/config | |
| echo "aws_secret_access_key=${AWS_SECRET_ACCESS_KEY}" >> ~/.aws/config | |
| echo "aws_session_token=${AWS_SECURITY_TOKEN}" >> ~/.aws/config | |
| echo "Credentials saved!" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ./aws-metadata.sh | |
| docker run -it --rm --name certbot \ | |
| --env AWS_CONFIG_FILE=/etc/aws-config \ | |
| -v "/home/ec2-user/.aws/config:/etc/aws-config" \ | |
| -v "/etc/letsencrypt:/etc/letsencrypt" \ | |
| -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \ | |
| certbot/dns-route53 renew |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ./aws-metadata.sh | |
| docker run -it --rm --name certbot \ | |
| --env AWS_CONFIG_FILE=/etc/aws-config \ | |
| -v "/home/ec2-user/.aws/config:/etc/aws-config" \ | |
| -v "/etc/letsencrypt:/etc/letsencrypt" \ | |
| -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \ | |
| certbot/dns-route53 certonly --server https://acme-v02.api.letsencrypt.org/directory |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment