Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
certbot-route53
NOTE: If you're already using Route53, you're propbably better off using AWS Certificate Manager, which was released after this script.
This shell script helps create Let's Encrypt certificates for AWS Route53. It uses Certbot to automate certificate requests, and the AWS CLI to automate DNS challenge record creation.
Installation and Usage
-
Install Certbot and the AWS CLI. You can use Homebrew (
brew install awscli certbot) or pip (pip install awscli certbot). -
Configure the AWS CLI. Your account must have permission to list and update Route53 records.
-
Download the certbot-route53.sh script.
mkdir my-certificates cd my-certificates curl -sL https://git.io/vylLx -o certbot-route53.sh chmod a+x certbot-route53.sh -
Run the script with your (comma-separated) domain(s) and email address:
sh certbot-route53.sh \ --agree-tos \ --manual-public-ip-logging-ok \ --email $(git config user.email) \ --domains jed.is,www.jed.is -
Wait patiently (usually about two minutes) while, for each domain requested:
- Certbot asks Let's Encrypt for a DNS validation challenge string,
- AWS CLI asks Route53 to create a domain TXT record with the challenge value,
- Let's Encrypt validates the TXT record and returns a certificate, and finally
- AWS CLI asks Route53 to delete the TXT record.
-
Find your new certificate(s) in the
letsencrypt/livedirectory.
