Monday 2 May 2016

AWS: free SSL cert with Let's Encrypt




Let's Encrypt (LE) is a free, automated, and open certificate authority (CA), so we do not need to pay a cent for an SSL certificate.


If your application is running on EC2 + ELB + Route 53 and you follow the Let's Encrypt guide, you will encounter one of these errors:

"The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge" 

OR

"Invalid response from http://yourdomain.com/.well-known/acme-challenge/Q5vG.................6I33OM"

Luckily, Alex wrote a Python script for AWS. The steps are below:

$ sudo apt-get install python-pip

$ sudo pip install -U virtualenv

$ git clone https://github.com/alex/letsencrypt-aws.git

$ virtualenv venv

$ source venv/bin/activate

(venv) $ cd letsencrypt-aws

(venv) $ pip install -r requirements.txt

(venv) $ python letsencrypt-aws.py register email@yourdomain.com

Save the RSA private key to /home/yourprofile/le-private.pem

$ export LETSENCRYPT_AWS_CONFIG='{"domains":[{"elb":{"name":"name of your loadbalancer"},"hosts":["yourdomain.com","www.yourdomain.com"]}],"acme_account_key":"file:///home/yourprofile/le-private.pem"}'

$ aws configure

$ python letsencrypt-aws.py update-certificates --force-issue
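For the aws configure step, a narrower alternative to a user with admin rights (note 2 below), as an added example that is not from the original post or the letsencrypt-aws project: a temporary IAM user limited to the calls the run makes. The user and policy names are hypothetical, and the action list is an assumption derived from the steps (Route 53 records, IAM certificate upload, ELB listener update); check it against the project README.

```shell
#!/bin/sh
# Added example: throwaway IAM user scoped to what the certificate run needs.
# LE_USER and LE_POLICY are hypothetical names. The action list is an
# assumption (Route 53 DNS records, IAM server certificate upload, ELB
# listener update); verify it against the letsencrypt-aws README.
LE_USER="letsencrypt-aws-tmp"
LE_POLICY="letsencrypt-aws-minimal"

# Emit the inline policy document on stdout.
le_policy_json() {
cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "route53:ListHostedZones",
      "route53:ChangeResourceRecordSets",
      "route53:GetChange",
      "elasticloadbalancing:DescribeLoadBalancers",
      "elasticloadbalancing:SetLoadBalancerListenerSSLCertificate",
      "iam:ListServerCertificates",
      "iam:UploadServerCertificate"
    ],
    "Resource": "*"
  }]
}
EOF
}

# Create the user, attach the policy, print a key pair for `aws configure`.
le_user_create() {
  aws iam create-user --user-name "$LE_USER" &&
  aws iam put-user-policy --user-name "$LE_USER" \
      --policy-name "$LE_POLICY" --policy-document "$(le_policy_json)" &&
  aws iam create-access-key --user-name "$LE_USER" \
      --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Remove access keys, policy and user once the certificate is issued.
le_user_delete() {
  for key in $(aws iam list-access-keys --user-name "$LE_USER" \
      --query 'AccessKeyMetadata[].AccessKeyId' --output text); do
    aws iam delete-access-key --user-name "$LE_USER" --access-key-id "$key"
  done
  aws iam delete-user-policy --user-name "$LE_USER" --policy-name "$LE_POLICY"
  aws iam delete-user --user-name "$LE_USER"
}
```

Run le_user_create from an existing administrative session, paste the printed key pair into aws configure, and run le_user_delete after update-certificates finishes.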




 

References and notes:

1. Run $ export LC_ALL=C if you encounter locale.Error: unsupported locale setting

2. For $ aws configure, you can create a new user, give it admin rights, then delete it after use

3. https://letsencrypt.org/getting-started/

4. https://github.com/alex/letsencrypt-aws/blob/master/README.md

5. https://github.com/alex/letsencrypt-aws/issues/21
   
6. https://boto3.readthedocs.io/en/latest/guide/configuration.html

7. http://docs.python-guide.org/en/latest/dev/virtualenvs/

