AWS Let's Encrypt Renew certificates
I - Infrastructure components
To register a certificate for renewal for the first time, post a message directly to the SQS request queue.
The message body must be a JSON document of the following form:

```json
{
  "email": "administrator@acme.com",
  "domain": "www.acme.com"
}
```

where:

- email: e-mail address of the DNS domain owner (see whois)
- domain: domain whose certificate is to be renewed
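The queue is the module's only input path, so anything that can post to it can ask for a renewal; the consuming Lambda should therefore treat the body as untrusted and accept only the two documented fields. The following added example (not part of the module) validates and builds such a message: it parses the JSON body, rejects unknown keys, checks that email and domain are shaped like an address and a plain DNS hostname, and only then serialises the request. The boto3 call at the end is a hypothetical helper that assumes credentials and the queue URL are available; it is not executed here.

```python
import json
import re

# Constructed example request, matching the shape documented above.
EXAMPLE_REQUEST = {"email": "administrator@acme.com", "domain": "www.acme.com"}

# One DNS label: 1-63 alphanumerics or hyphens, not starting or ending with a hyphen.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_LOCAL_PART_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}$")


def is_valid_hostname(hostname) -> bool:
    """Accept only a plain DNS hostname: no scheme, path, port or wildcard."""
    if not isinstance(hostname, str) or not 1 <= len(hostname) <= 253:
        return False
    labels = hostname.rstrip(".").split(".")
    # Require at least two labels; a bare name such as "localhost" is not renewable.
    if len(labels) < 2:
        return False
    return all(_LABEL_RE.match(label) for label in labels)


def is_valid_email(email) -> bool:
    """Loose check: exactly one '@', a sane local part, a hostname-shaped domain."""
    if not isinstance(email, str) or email.count("@") != 1:
        return False
    local, domain = email.split("@")
    return bool(_LOCAL_PART_RE.match(local)) and is_valid_hostname(domain)


def parse_renewal_request(raw: str) -> dict:
    """Parse and validate one SQS message body; raises ValueError on bad input."""
    try:
        body = json.loads(raw)
    except (TypeError, json.JSONDecodeError) as exc:
        raise ValueError(f"message body is not JSON: {exc}") from exc
    if not isinstance(body, dict):
        raise ValueError("message body must be a JSON object")
    # Assumption: only the two documented keys are allowed; anything else is rejected.
    unexpected = set(body) - {"email", "domain"}
    if unexpected:
        raise ValueError(f"unexpected keys: {sorted(unexpected)}")
    if not is_valid_email(body.get("email")):
        raise ValueError("email is missing or malformed")
    if not is_valid_hostname(body.get("domain")):
        raise ValueError("domain is missing or not a plain hostname")
    # Normalise the domain (drop a trailing dot, lower-case) so duplicates compare equal.
    return {"email": body["email"], "domain": body["domain"].rstrip(".").lower()}


def is_valid_request(raw: str) -> bool:
    """Boolean wrapper around parse_renewal_request for filtering or tests."""
    try:
        parse_renewal_request(raw)
        return True
    except ValueError:
        return False


def build_renewal_request(email: str, domain: str) -> str:
    """Serialise a request body, failing fast on bad input before anything is sent."""
    body = json.dumps({"email": email, "domain": domain})
    parse_renewal_request(body)
    return body


def send_renewal_request(queue_url: str, email: str, domain: str) -> str:
    """Hypothetical helper: post the message to SQS with boto3 (needs AWS credentials)."""
    import boto3  # imported lazily so the validation helpers above work offline

    sqs = boto3.client("sqs")
    resp = sqs.send_message(QueueUrl=queue_url, MessageBody=build_renewal_request(email, domain))
    return resp["MessageId"]


if __name__ == "__main__":
    print(build_renewal_request(EXAMPLE_REQUEST["email"], EXAMPLE_REQUEST["domain"]))
```

The same parse_renewal_request check belongs at the top of the Lambda handler that reads the queue, so that a malformed or over-long body is dropped (or sent to a dead-letter queue) before certbot is ever invoked with it.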
II - Inputs / Outputs
Inputs
Name | Description | Type | Default |
---|---|---|---|
aws_region | AWS region to deploy to | string | n/a |
bucket_name | S3 bucket that receives the issued certificates | string | "" |
certbot_server | URL of the Let's Encrypt ACME directory used by certbot | string | "https://acme-v02.api.letsencrypt.org/directory" |
cloudwatch_log_retention | CloudWatch log retention, in days | number | 7 |
function_timeout | Maximum run time of the Lambda functions, in seconds | number | 90 |
number_days_before_expiration | Number of days before expiry at which a certificate is renewed | number | 6 |
scan_alarm_clock | Interval between two scans for expiring certificates, in minutes (1440 = 1 day) | number | 1440 |
Outputs
Name | Description |
---|---|
bucket_arn | ARN of the S3 bucket holding the certificates |
find_expired_certificates_lambda_arn | ARN of the Lambda function that finds certificates to renew |
invoke_cerbot_lambda_arn | ARN of the Lambda function that invokes certbot against Let's Encrypt |
sns_result_arn | ARN of the SNS topic that publishes renewal results |
sqs_request_arn | ARN of the SQS queue that receives renewal requests |
III - Usage
```hcl
module "lets_encrypt" {
  source     = "git::https://github.com/AdventielFr/terraform-aws-lets-encrypt-renew-certificates.git?ref=1.0.0"
  aws_region = "eu-west-3"
}
```
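The following added example (not from the module's README) shows a fuller invocation with every documented input set explicitly, an e-mail subscription to the result topic so that failed renewals are actually seen by someone, and the request queue ARN exposed for the IAM policy of whatever is allowed to post to it. Bucket name and mailbox are placeholders; the Let's Encrypt staging directory noted in the comment is the real URL to use while testing, to stay clear of production rate limits.

```hcl
module "lets_encrypt" {
  source = "git::https://github.com/AdventielFr/terraform-aws-lets-encrypt-renew-certificates.git?ref=1.0.0"

  aws_region               = "eu-west-3"
  bucket_name              = "acme-letsencrypt-certificates" # placeholder, must be globally unique
  # Switch to "https://acme-staging-v02.api.letsencrypt.org/directory" while testing.
  certbot_server           = "https://acme-v02.api.letsencrypt.org/directory"
  cloudwatch_log_retention = 30

  function_timeout              = 90
  number_days_before_expiration = 6
  scan_alarm_clock              = 1440 # once a day
}

# Renewal results are only useful if a human or a pager sees them.
# The e-mail subscription must be confirmed from the mailbox before it delivers.
resource "aws_sns_topic_subscription" "renewal_results" {
  topic_arn = module.lets_encrypt.sns_result_arn
  protocol  = "email"
  endpoint  = "ops@acme.com" # placeholder
}

# Expose the queue ARN so the producer's IAM policy can be scoped to sqs:SendMessage on it alone.
output "renewal_request_queue_arn" {
  value = module.lets_encrypt.sqs_request_arn
}

output "certificate_bucket_arn" {
  value = module.lets_encrypt.bucket_arn
}
```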