4. Get SSL certificate using certbot

Install certbot

In home server terminal, install using brew.

brew install certbot

Install certbot AWS Route 53 plugin

The plugin can't be installed by brew. Use python.

$(brew --prefix certbot)/libexec/bin/python -mpip install certbot-dns-route53

I found the install command in a following issue.

https://github.com/certbot/certbot/issues/5680

Check AWS profile

The plugin use boto3, and it use aws profile in the mac server.

cd ~/.aws
cat config
cat credentials

Check if it shows [default] profile.

At first, I didn't have default profile. I tried AWS_PROFILE, AWS_DEFAULT_PROFILE, etc. But they seemed not working. In the end, I put default profile then it worked.

The default profile credential have to have route53 related permissions.

Route 53 permission list

https://certbot-dns-route53.readthedocs.io/en/stable/

Request certificate

I have hosted zone of ourcompanylunch.com.

sudo certbot certonly \
  --dns-route53 \
  -d "ourcompanylunch.com" \
  -d "*.ourcompanylunch.com"

After answering some question, I can get the certificate.

I tried to do it without sudo. I had to manually add --config-dir, --work-dir, --logs-dir options. The command worked but I decided to go with sudo because it seems more recommended. I need to manually config options in renewal too.

Show certificate information

sudo certbot certificates

This shows certificate path and private key path. These will be used in nginx configuration.

Expire date is after 3 month. Renew is needed.

Previous3. Create IAM role for Github Actions (OIDC)Next5. Setup nginx in home server

Last updated 1 year ago

hashtagInstall certbot

hashtagInstall certbot AWS Route 53 plugin

hashtagCheck AWS profile

hashtagRequest certificate

hashtagShow certificate information

Install certbot

Install certbot AWS Route 53 plugin

Check AWS profile

Request certificate

Show certificate information