Skip to content

Instantly share code, notes, and snippets.

@cgmartin

cgmartin/le-aws-upload-cert.sh

Last active April 30, 2023 13:09
Show Gist options
  • Save cgmartin/6c964fc3b099240f8563 to your computer and use it in GitHub Desktop.
Save cgmartin/6c964fc3b099240f8563 to your computer and use it in GitHub Desktop.
Download ZIP
Scripts for manually creating Let's Encrypt certificates for AWS S3/CloudFront
Raw
le-aws-upload-cert.sh
#!/bin/bash
# Usage:
# $ le-aws-upload-cert.sh
echo "Current list of certificates in AWS"
echo "-----------------------------------"
aws iam list-server-certificates
echo
read -p "Domain name: " domain_name
current_date=$(date +"%Y%m%d")
aws_cert_name="${domain_name}-${current_date}"
aws iam upload-server-certificate --server-certificate-name $aws_cert_name --certificate-body file://${PWD}/etc/live/${domain_name}/cert.pem --private-key file://${PWD}/etc/live/${domain_name}/privkey.pem --certificate-chain file://${PWD}/etc/live/${domain_name}/chain.pem --path /cloudfront/
aws iam get-server-certificate --server-certificate-name $aws_cert_name
echo
Raw
le-run-agent.sh
#!/bin/bash
# Usage:
# $ le-run-agent -d mydomain.com -d www.mydomain.com
mkdir -p etc lib
docker run -it --rm --name letsencrypt \
-v "${PWD}/etc:/etc/letsencrypt" \
-v "${PWD}/lib:/var/lib/letsencrypt" \
quay.io/letsencrypt/letsencrypt:latest \
certonly --manual $*
Raw
le-s3-auth-upload.sh
#!/bin/bash
# Usage:
# $ le-s3-auth-upload.sh
read -p "Let's Encrypt Auth URI: " le_auth_uri
read -p "Let's Encrypt Auth Content: " le_auth_content
read -p "AWS S3 Bucket Name: " aws_s3_bucket
le_auth_token=${le_auth_uri##*/}
le_auth_tmp_file="/tmp/le-acme-challenge-$le_auth_token"
echo -e "\n- writing temp challenge file: $le_auth_tmp_file $le_auth_content"
printf "%s" "$le_auth_content" > "$le_auth_tmp_file"
aws s3 cp "$le_auth_tmp_file" s3://$aws_s3_bucket/.well-known/acme-challenge/$le_auth_content --content-type text/plain
echo -e "\n- verifying S3 transfer succeeded: ($le_auth_uri)"
curl -D - $le_auth_uri
echo
@cgmartin
Copy link
Author

Instructions:

$ le-run-agent.sh -d domain.com -d www.domain.com
# When agent displays first manual verification prompt (in 2nd terminal):
$ le-s3-auth-upload.sh  # For first domain
# Continue agent process... then for 2nd verification prompt (in 2nd terminal):
$ le-s3-auth-upload.sh  # For second domain
# Agent complete...
$ le-aws-upload-cert.sh

@danielgranat
Copy link

Thanks for posting this, and for the blog post!
One thing I noticed is that when uploading the file to S# you should change this:
aws s3 cp "$le_auth_tmp_file" s3://$aws_s3_bucket/.well-known/acme-challenge/$le_auth_content
to
aws s3 cp "$le_auth_tmp_file" s3://$aws_s3_bucket/.well-known/acme-challenge/$le_auth_token

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment