Install certbot with the nginx and Route 53 DNS plugins:

    yum install python-certbot-nginx python3-certbot-dns-route53

Find the zone ID in the AWS Route 53 panel.

    satya.com.np zone id: xxxx

1. Create a custom policy with JSON from the Route 53 policy section.

    Hosted Zone ID: xxxx

    {
        "Version": "2012-10-17",
        "Id": "letsencrypt-mac policy",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["route53:ListHostedZones", "route53:GetChange"],
                "Resource": ["*"]
            },
            {
                "Effect": "Allow",
                "Action": ["route53:ChangeResourceRecordSets"],
                "Resource": ["arn:aws:route53:::hostedzone/xxxx"]
            }
        ]
    }

2. Create an IAM user and assign the custom policy you just created to that user. You’ll also have to select “Programmatic Access” under “Access type”. You’ll then be presented with your access and secret keys.

    IAM user: letsencrypt-mac

3. Add the keys to .bash_profile:

    export AWS_ACCESS_KEY_ID=aaaaaaaa
    export AWS_SECRET_ACCESS_KEY='bbbbbbb'

4. Now generate a new certificate from that server:

    certbot certonly \
      -n \
      --agree-tos \
      --email [email protected] \
      -d satya.com.np \
      -d '*.satya.com.np' \
      --dns-route53 \
      --preferred-challenges=dns \
      --logs-dir /tmp/letsencrypt \
      --config-dir ~/etc/letsencrypt \
      --work-dir /tmp/letsencrypt

5. Renew:

    certbot renew --dns-route53 \
      --logs-dir /tmp/letsencrypt \
      --config-dir /etc/letsencrypt/config/ \
      --work-dir /tmp/letsencrypt \
      --non-interactive \
      --server https://acme-v02.api.letsencrypt.org/directory

6. Crontab:

    0 */12 * * * root certbot -q renew --renew-hook 'service nginx reload' >> /var/log/letsencrypt/renew.log
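
The policy in step 1 is what limits the damage if the access keys from step 3 leak: write access is tied to one hosted zone. The following check is an added example, not part of the original notes. It lints a policy document for that shape before you attach it; the zone ID `ZEXAMPLE123` and both sample policies are constructed placeholders.

```python
import json

# The only policy language versions IAM accepts.
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}
# Read-only actions that the page's policy grants on "*".
READ_ACTIONS = {"route53:ListHostedZones", "route53:GetChange"}
WRITE_ACTION = "route53:ChangeResourceRecordSets"

def _as_list(value):
    # IAM allows a single string wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def lint_policy(policy_json, zone_id):
    """Return findings; an empty list means the policy has the page's shape."""
    policy = json.loads(policy_json)
    zone_arn = "arn:aws:route53:::hostedzone/" + zone_id
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append("Version must be 2012-10-17 or 2008-10-17")
    write_ok = False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            if action in READ_ACTIONS:
                continue
            if action != WRITE_ACTION:
                findings.append("unexpected action: " + action)
            elif resources != [zone_arn]:
                findings.append("write access not limited to " + zone_arn)
            else:
                write_ok = True
    if not write_ok:
        findings.append("no zone-scoped " + WRITE_ACTION + " statement")
    return findings

# Constructed samples: ZEXAMPLE123 is a placeholder zone ID.
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(READ_ACTIONS), "Resource": ["*"]},
    {"Effect": "Allow", "Action": [WRITE_ACTION],
     "Resource": ["arn:aws:route53:::hostedzone/ZEXAMPLE123"]}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, lint_policy(doc, "ZEXAMPLE123") or "OK")
```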