Fetch and renew certificates for your Elastic Beanstalk instance automatically with these hot .ebextensions! Because you don't want to pay $20/month for load balancing.
Now with 100% EFF, Let's Encrypt, and Certbot!
- Currently only configured for NGINX
- Apache config welcome, please contribute
Control ebcert with three Elastic Beanstalk environment variables:
CERT_EMAIL
: Email address for registration, renewal, and recoveryCERT_DOMAIN
: The domain or comma separated domains you want to certifyCERT_PRODUCTION
:- When
true
, genuine, production-ready Let's Encrypt certificates will be issued - In all other cases, certificates will be issued by the Let's Encrypt staging server. These certificates are not production ready.
- Let's Encrypt has serious rate limits. You are far more likely to encounter these limits when
CERT_PRODUCTION
istrue
.
- When
- Customize nginx.conf to suit your use case.
- Boot or redeploy your app with your customized ebcert .ebextensions.
- Point desired
CERT_DOMAINS
to your Elastic Beanstalk environment. (ebcert uses certbot's webroot authentication method, which requires connectivity at the domain at the time of authentication.) - Set
CERT_EMAIL
,CERT_DOMAIN
, and (if production-ready)CERT_PRODUCTION
as Elastic Beanstalk environment variables. - Keep $20/month!
-
Via environment variable
- Set the Elastic Beanstalk environment variable
CERT_PRODUCTION
totrue
- Set the Elastic Beanstalk environment variable
-
Via SSH
sudo /opt/ebcert/cert.sh -m
-
Via EB CLI clone
- Point the domain(s) you wish to certify to a new CNAME you select for your clone (
your-new-env-cname
) eb clone your-current-env-cname -n your-new-env-name -c your-new-env-cname --envvars CERT_PRODUCTION=true
- Point the domain(s) you wish to certify to a new CNAME you select for your clone (
Change (add, remove, swap) your certified domains at any time by changing the value of CERT_DOMAIN
. Note that such changes will count toward your rate limit if CERT_PRODUCTION
is true
.
Thanks to Tony Gutierrez and all participants in this gist.