|author||Paulo Koch <email@example.com>||Fri Mar 17 10:04:04 2017 +0000|
|committer||Paulo Koch <firstname.lastname@example.org>||Wed Apr 05 11:02:01 2017 +0100|
Tidy up installation
It's expected that the root hosted zone for the domain in question already exists in your account.
Create a virtual environment
Update its pip and setuptools (
VENV/bin/pip install -U setuptools pip) to avoid problems with cryptography's dependency on setuptools>=11.3.
Make sure you have libssl-dev and libffi (or your regional equivalents) installed. You might have to set compiler flags to pick things up (I have to use
CPPFLAGS=-I/usr/local/opt/openssl/include LDFLAGS=-L/usr/local/opt/openssl/lib on my macOS to pick up brew's openssl, for example).
Install this package.
Make sure you have access to AWS's Route53 service, either through IAM roles or via
.aws/credentials. Check out (sample-aws-policy.json)[sample-aws-policy.json].
To generate a certificate:
certbot certonly \ -n --agree-tos --email DEVOPS@COMPANY.COM \ -a certbot-route53:auth \ -d MY.DOMAIN.NAME