yum install python-certbot-nginx python3-certbot-dns-route53
find the zone id from aws route53 panel
satya.com.np zone id:-xxxx
1.create a custom policy with json from route53 policy section
Hosted Zone ID:xxxx
{
"Version": "2020-07-05",
"Id": "letsencrypt-mac policy",
"Statement": [
{
"Effect": "Allow",
"Action": ["route53:ListHostedZones", "route53:GetChange"],
"Resource": ["*"]
},
{
"Effect": "Allow",
"Action": ["route53:ChangeResourceRecordSets"],
"Resource": ["arn:aws:route53:::hostedzone/xxxx"]
}
]
}
2.Create IAM user and assign the create custom policy to that user
You’ll also have to select “Programmatic Access” under “Access type”.
you’ll be presented with your access and secret keys.
IAMuser:-letsencrypt-mac
3.add in bash_profile
export AWS_ACCESS_KEY_ID=aaaaaaaa
export AWS_SECRET_ACCESS_KEY='bbbbbbb'
4.now generate new certificate from that server
certbot certonly \
-n \
--agree-tos \
--email [email protected] \
-d satya.com.np \
-d '*.satya.com.np' \
--dns-route53 \
--preferred-challenges=dns \
--logs-dir /tmp/letsencrypt \
--config-dir ~/etc/letsencrypt \
--work-dir /tmp/letsencrypt
5.###renew###
certbot renew --dns-route53 --logs-dir /tmp/letsencrypt --config-dir /etc/letsencrypt/config/ --work-dir /tmp/letsencrypt --non-interactive --server https://acme-v02.api.letsencrypt.org/directory
6.crontab
0 */12 * * * root certbot -q renew --renew-hook 'service nginx reload' >> /var/log/letsencrypt/renew.log