
Announcing letsencrypt-aws

source link: https://alexgaynor.net/2016/jan/20/announcing-letsencrypt-aws/

Alex Gaynor

Hi, I'm Alex. I've been CISO at a startup named Alloy, an engineer working on Firefox security, and before that at the U.S. Digital Service. I'm an avid open source contributor and live in Washington, DC.


Wed, Jan 20, 2016

If you haven’t heard, Let’s Encrypt is a brand new certificate authority offering free, automated, and trusted HTTPS certificates. It’s extremely exciting.

Let’s Encrypt is built on a protocol called “ACME”, which defines a standard HTTP API for a certificate authority. letsencrypt-aws is built on that to easily orchestrate your AWS infrastructure to make sure certificates are automatically issued and kept up to date.

You can grab a copy on GitHub.

To get started with Let’s Encrypt, first you create your account key, and place the private key in account-key.pem:

$ python letsencrypt-aws.py register [email protected]
2016-01-09 19:56:19 [acme-register.generate-key]
2016-01-09 19:56:20 [acme-register.register] email=u'[email protected]'
2016-01-09 19:56:21 [acme-register.agree-to-tos]
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

Now tell it about your ELBs:

export LETSENCRYPT_AWS_CONFIG='{
    "domains": [
        {
            "hosts": ["host.com", "www.host.com"],
            "elb": {
                "name": "my-elb"
            }
        }
    ],
    "acme_account_key": "file:///path/to/account-key.pem"
}'
python letsencrypt-aws.py update-certificates

You’ll need to have your machine set up for your AWS account (using either the standard configuration file, environment variables, or IAM instance role).

And then it should just work!
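A pre-flight check for the configuration shown above, as an added example that is not part of letsencrypt-aws. The function name `check_config` is hypothetical, it only knows the keys that appear in this post, and it assumes the account key is referenced with a `file://` URL on a POSIX system:

```python
import json
import os
import stat
from urllib.parse import urlparse


def check_config(raw):
    """Return a list of problems found in a LETSENCRYPT_AWS_CONFIG value."""
    try:
        config = json.loads(raw)
    except ValueError as exc:
        return ["config is not valid JSON: %s" % exc]
    if not isinstance(config, dict):
        return ["config must be a JSON object"]

    problems = []
    domains = config.get("domains") or []
    if not domains:
        problems.append("no entries under 'domains'")
    for i, domain in enumerate(domains):
        if not domain.get("hosts"):
            problems.append("domains[%d]: empty 'hosts'" % i)
        if not (domain.get("elb") or {}).get("name"):
            problems.append("domains[%d]: missing elb name" % i)

    key_url = urlparse(config.get("acme_account_key", ""))
    if key_url.scheme != "file":
        # Assumption: this check only inspects keys stored on local disk.
        problems.append("acme_account_key: only file:// is checked here")
        return problems
    try:
        mode = os.stat(key_url.path).st_mode
    except OSError:
        problems.append("acme_account_key: cannot stat %s" % key_url.path)
        return problems
    # The ACME account key signs every request made for the account, so
    # only its owner should have any access to the file.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("acme_account_key: %s has mode %o; chmod 600 it"
                        % (key_url.path, stat.S_IMODE(mode)))
    return problems


if __name__ == "__main__":
    for problem in check_config(os.environ.get("LETSENCRYPT_AWS_CONFIG", "")):
        print(problem)
```

Run it in the same shell that exported `LETSENCRYPT_AWS_CONFIG`, before calling `update-certificates`; no output means nothing was flagged.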

Installing and updating certificates should be a 0-downtime operation; letsencrypt-aws does not require taking over port 80 or 443.

For full details, check out the README. Try it out, and don’t hesitate to file issues with bugs or feature requests.

