It controls certbot to create and renew certs, using AWS Route 53 DNS Plugin.
- Docker
- This program uses docker internally.
- Golang
- AWS IAM for Route53
- Please read this page and please prepare it.
make certbot-driver
./certbot-driver --help
% ./certbot-driver
usage: certbot-driver [<flags>] <command> [<args> ...]
Control certbot automatically
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
--version Show application version.
Commands:
help [<command>...]
Show help.
create --cert.directory=(path/to/cert) --email-address=([email protected]) --aws.iam=(iam.conf) [<flags>] <domains>...
create new certs
renew --cert.directory=(path/to/cert) --email-address=([email protected]) --aws.iam=(iam.conf) [<flags>]
renew existing certs
It creates a certificate for example.com
and *.example.com
.
% certbot-driver \
--cert.directory=data/example.com \
[email protected] \
--aws.iam=route53.iam.conf \
'example.com' '*.example.com'
It keeps or renew certificates.
% certbot-driver \
--cert.directory=data/example.com \
[email protected] \
--aws.iam=route53.iam.conf
Certificates are stores in the directory as in /etc/letsencrypt
.
You can use
path/to/certs/live/example.com/privkey.pem
path/to/certs/live/example.com/fullchain.pem
In nginx, apache or other HTTP servers.
Please see example for more details:
cd path/to/cert
find .
./csr
./csr/0000_csr-certbot.pem
./keys
./keys/0000_key-certbot.pem
./renewal
./renewal/example.com.conf
./archive
./archive/example.com
./archive/example.com/chain1.pem
./archive/example.com/fullchain1.pem
./archive/example.com/privkey1.pem
./archive/example.com/cert1.pem
./live
./live/README
./live/example.com
./live/example.com/privkey.pem
./live/example.com/chain.pem
./live/example.com/cert.pem
./live/example.com/fullchain.pem
./live/example.com/README
./accounts
./accounts/acme-v02.api.letsencrypt.org
./accounts/acme-v02.api.letsencrypt.org/directory
./accounts/acme-v02.api.letsencrypt.org/directory/7b0ea06ef2adc55dd70bdf6902e9b10e
./accounts/acme-v02.api.letsencrypt.org/directory/7b0ea06ef2adc55dd70bdf6902e9b10e/private_key.json
./accounts/acme-v02.api.letsencrypt.org/directory/7b0ea06ef2adc55dd70bdf6902e9b10e/regr.json
./accounts/acme-v02.api.letsencrypt.org/directory/7b0ea06ef2adc55dd70bdf6902e9b10e/meta.json
./accounts/acme-staging-v02.api.letsencrypt.org
./accounts/acme-staging-v02.api.letsencrypt.org/directory
./accounts/acme-staging-v02.api.letsencrypt.org/directory/3a3615f3d27cc339e1d4e5ed52275f45
./accounts/acme-staging-v02.api.letsencrypt.org/directory/3a3615f3d27cc339e1d4e5ed52275f45/private_key.json
./accounts/acme-staging-v02.api.letsencrypt.org/directory/3a3615f3d27cc339e1d4e5ed52275f45/regr.json
./accounts/acme-staging-v02.api.letsencrypt.org/directory/3a3615f3d27cc339e1d4e5ed52275f45/meta.json
./renewal-hooks
./renewal-hooks/post
./renewal-hooks/pre
./renewal-hooks/deploy