
Hi, I am learning how to install a Let's Encrypt certificate on Ubuntu 18.04 using certbot.

I have installed certbot with

sudo snap install --beta --classic certbot

and given it permission with

sudo snap set certbot trust-plugin-with-root=ok

Since I am using AWS EC2, I also ran

sudo snap install --beta certbot-dns-route53

Now I am running the command

/snap/bin/certbot certonly \
  --dns-route53 \
  -d *.example.com

and I am getting this error:

Unable to locate credentials
To use certbot-dns-route53, configure credentials as described at https://boto3.readthedocs.io/en/latest/guide/configuration.html#best-practices-for-configuring-credentials and add the necessary permissions for Route53 access.

I am a newbie at installing SSL certificates on a VPS. Please let me know how to generate a wildcard certificate.

Deepak Maurya

1 Answer

Yes. The error is clear: you need the Amazon Web Services Route 53 API in order to complete the dns-01 challenge (DNS01) by creating, and subsequently removing, TXT records, and this plugin requires a configuration file containing Amazon Web Services API credentials for an account with the following permissions:

route53:ListHostedZones
route53:GetChange
route53:ChangeResourceRecordSets

These permissions can be captured in an AWS policy like the one below.

{
    "Version": "2012-10-17",
    "Id": "certbot-dns-route53 sample policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetChange"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect" : "Allow",
            "Action" : [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource" : [
                "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID"
            ]
        }
    ]
}

And finally, you can provide the configuration for the AWS Route 53 plugin in one of three ways: by using the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, OR

by using a credentials configuration file at the default location, ~/.aws/config, OR

by using a credentials configuration file at a path supplied via the AWS_CONFIG_FILE environment variable.

A sample config file is:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

You can read further at https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-overview.html

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/r53-api-permissions-ref.html

https://boto3.readthedocs.io/en/latest/guide/configuration.html#best-practices-for-configuring-credentials

Fatih Şennik
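As an added check that is not part of the question or the answer above: this Python helper fills a hosted zone ID into the answer's sample policy and lints a policy document for the two things that commonly go wrong with it, the YOURHOSTEDZONEID placeholder left in place and route53:ChangeResourceRecordSets granted on every zone instead of only the zone certbot validates. The zone ID used here is a constructed placeholder, and the checker is my own, not part of certbot or the plugin.

```python
# The three Route 53 actions the answer says certbot-dns-route53 needs.
REQUIRED_ACTIONS = {
    "route53:ListHostedZones",
    "route53:GetChange",
    "route53:ChangeResourceRecordSets",
}
PLACEHOLDER = "YOURHOSTEDZONEID"  # the answer's template leaves this for you to replace


def render_policy(hosted_zone_id: str) -> dict:
    """Return the answer's sample policy with the hosted zone ID filled in."""
    return {
        "Version": "2012-10-17",
        "Id": "certbot-dns-route53 sample policy",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["route53:ListHostedZones", "route53:GetChange"],
             "Resource": ["*"]},
            {"Effect": "Allow",
             "Action": ["route53:ChangeResourceRecordSets"],
             "Resource": [f"arn:aws:route53:::hostedzone/{hosted_zone_id}"]},
        ],
    }


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]  # IAM accepts a string or a list


def check_route53_policy(policy: dict) -> list:
    """Return human-readable findings; an empty list means the policy grants
    what certbot needs and is no broader than the answer's template."""
    findings, granted = [], set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        granted |= set(actions)
        # Record changes should be confined to the one zone certbot validates.
        if "route53:ChangeResourceRecordSets" in actions and "*" in resources:
            findings.append("ChangeResourceRecordSets is allowed on all hosted zones; "
                            "scope it to arn:aws:route53:::hostedzone/<ID>")
        if any(PLACEHOLDER in r for r in resources):
            findings.append(f"replace {PLACEHOLDER} with your real hosted zone ID")
    for action in sorted(REQUIRED_ACTIONS - granted):
        findings.append(f"missing required action {action}")
    return findings
```

Run check_route53_policy on the JSON you are about to attach to the IAM user (json.load it first); an empty list means the user has exactly what the plugin needs and nothing broader.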