e570e8ad32
While reviewing https://github.com/certbot/certbot/pull/8404, it occurred to me that we're keeping both the generated files and the script used to generate them in `git`. Keeping both around seems unnecessary and is almost asking for the files to get out of sync at some point in the future. I fixed that by removing the files, adding them to `.gitignore`, and updating `build_remote.py` to generate them as needed. * Remove generated files. * Add generated files to gitignore. * Reuse generate_dnsplugins_all.sh in build_remote |
||
|---|---|---|
| .. | ||
| certbot_dns_route53 | ||
| docs | ||
| examples | ||
| tests | ||
| .gitignore | ||
| LICENSE.txt | ||
| local-oldest-requirements.txt | ||
| MANIFEST.in | ||
| README.md | ||
| readthedocs.org.requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
Route53 plugin for Let's Encrypt client
Before you start
It's expected that the root hosted zone for the domain in question already exists in your account.
Setup
-
Create a virtual environment
-
Update its pip and setuptools (
VENV/bin/pip install -U setuptools pip) to avoid problems with cryptography's dependency on setuptools>=11.3. -
Make sure you have libssl-dev and libffi (or your regional equivalents) installed. You might have to set compiler flags to pick things up (I have to use
CPPFLAGS=-I/usr/local/opt/openssl/include LDFLAGS=-L/usr/local/opt/openssl/libon my macOS to pick up brew's openssl, for example). -
Install this package.
How to use it
Make sure you have access to AWS's Route53 service, either through IAM roles or
via .aws/credentials. Check out
sample-aws-policy.json for the necessary permissions.
To generate a certificate:
certbot certonly \
-n --agree-tos --email DEVOPS@COMPANY.COM \
--dns-route53 \
-d MY.DOMAIN.NAME