Installing certbot on an EC2 using AWS Systems Manager
Registering the certbot client and requesting a certificate
These are the commands the Systems Manager document runs on the instance: install the EPEL repository and certbot, register the ACME account, then request a certificate using the webroot challenge (the `{{ }}` placeholders are filled in from the document parameters, and the placeholder for the ACME endpoint is named ServerProvisioningUrl so that it matches the association parameters in the terraform below).

sudo yum -y install yum-utils
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
sudo yum -y install certbot
sudo certbot register --server {{ ServerProvisioningUrl }} -m {{ contactEmail }} --no-eff-email
sudo certbot certonly --server {{ ServerProvisioningUrl }} --cert-name {{ certName }} -d {{ certDomains }} --webroot-path {{ webrootPath }} > /home/certbotout.txt
The terraform file (ssm-certbot.tf)
# input variables
variable "instance_ids" {
  type    = list(string)
  default = [""]
}

variable "cert_common_name" {
  type    = string
  default = "avTestCert"
}

variable "cert_domain_names" {
  type    = list(string)
  default = ["example.com, www.example.com, mail.example.com"]
}

variable "web_root_path" {
  type    = string
  default = "/var/www"
}

# Permissions for SSM to run on the instance (the aws_ec2_role role itself is defined elsewhere)
resource "aws_iam_role_policy_attachment" "ec2_ssm_policy" {
  role       = aws_iam_role.aws_ec2_role.id
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

# SSM document
resource "aws_ssm_document" "my_ssm_doc" {
  name            = "test_document"
  document_type   = "Command"
  document_format = "YAML"
  content         = file("./ssm-content.yaml")
}

# SSM association: runs the document against the instance with these parameters.
# Every document parameter without a default must be supplied here, so webrootPath is passed too.
resource "aws_ssm_association" "assoc" {
  name = aws_ssm_document.my_ssm_doc.name

  targets {
    key    = "InstanceIds"
    values = [aws_instance.anujtf00000.id]
  }

  parameters = {
    certDomains           = aws_instance.anujtf00000.private_dns
    certName              = "mycertName"
    contactEmail          = "blah@blah.com"
    webrootPath           = var.web_root_path
    ServerProvisioningUrl = "https://acme-staging-v02.api.letsencrypt.org/directory"
  }
}
The YAML file (ssm-content.yaml) – content for the Systems Manager doc association
NOTE: Beware of stray whitespace in the YAML. You will see a mysterious Invalid Document Content error from the terraform SSM document resource. The error is simply telling you that the content (this YAML file) is invalid, usually because of an extra space or a wrong indentation level.
---
schemaVersion: '2.2'
description: Certbot Install on EC2
parameters:
  certDomains:
    type: String
    description: "Comma-separated list of domains for which a certificate will be installed, with no spaces (a space would split the -d argument in the shell). e.g. example.com,www.example.com"
  certName:
    type: String
    description: "The CN (common name) of this certificate. e.g. example.com"
  contactEmail:
    type: String
    description: "Email address for certificate notifications."
  webrootPath:
    type: String
    description: "Web root path of the webserver. e.g. /var/www"
  ServerProvisioningUrl:
    type: String
    description: "The ACME server endpoint URL."
mainSteps:
  - action: aws:runShellScript
    name: configureServer
    inputs:
      runCommand:
        - sudo yum -y install yum-utils
        - sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
        - sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
        - sudo yum -y install certbot
        - sudo certbot register --server {{ ServerProvisioningUrl }} -m {{ contactEmail }} --no-eff-email
        - sudo certbot certonly --server {{ ServerProvisioningUrl }} --cert-name {{ certName }} -d {{ certDomains }} --webroot-path {{ webrootPath }}
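The two things that go wrong with this setup are both checkable before terraform apply: the document content is rejected as Invalid Document Content, or the association fails because a `{{ placeholder }}` has no matching parameter or a required parameter is never passed. The script below is an added example, not code from the original post. It builds the same Command document as a Python dict and serialises it with json.dumps (SSM accepts JSON as well as YAML for schema 2.2, so the terraform resource would use document_format = "JSON" and file("./ssm-content.json")), which removes the indentation problem entirely, and then cross-checks placeholders, required parameters and the association values. It also adds allowedPattern to each parameter, a standard SSM parameter field that makes the service reject values carrying spaces or shell metacharacters before they are interpolated into the runCommand line. The defaults on webrootPath and ServerProvisioningUrl, the allowedPattern regexes and the sample association values are assumptions of this example.

```python
import json
import re

# Matches {{ name }} placeholders that SSM substitutes into runCommand lines.
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

# Document parameters. allowedPattern (a standard SSM field) makes the service
# reject values that do not match, so spaces, quotes and other shell
# metacharacters never reach the shell line they would be interpolated into.
# Defaults and patterns here are assumptions of this example.
PARAMETERS = {
    "certDomains": {"type": "String",
                    "description": "Comma-separated domains, no spaces, e.g. example.com,www.example.com",
                    "allowedPattern": "^[A-Za-z0-9.-]+(,[A-Za-z0-9.-]+)*$"},
    "certName": {"type": "String", "description": "The CN (common name) of this certificate",
                 "allowedPattern": "^[A-Za-z0-9.-]+$"},
    "contactEmail": {"type": "String", "description": "Email address for certificate notifications",
                     "allowedPattern": "^[^@\\s]+@[^@\\s]+$"},
    "webrootPath": {"type": "String", "description": "Web root path of the webserver",
                    "default": "/var/www", "allowedPattern": "^/[A-Za-z0-9/_.-]*$"},
    "ServerProvisioningUrl": {"type": "String", "description": "The ACME server endpoint URL",
                              "default": "https://acme-staging-v02.api.letsencrypt.org/directory",
                              "allowedPattern": "^https://[A-Za-z0-9./-]+$"},
}

# The shell lines from ssm-content.yaml, unchanged.
RUN_COMMAND = [
    "sudo yum -y install yum-utils",
    "sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm",
    "sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional",
    "sudo yum -y install certbot",
    "sudo certbot register --server {{ ServerProvisioningUrl }} -m {{ contactEmail }} --no-eff-email",
    "sudo certbot certonly --server {{ ServerProvisioningUrl }} --cert-name {{ certName }} "
    "-d {{ certDomains }} --webroot-path {{ webrootPath }}",
]


def build_document():
    """Return the schema 2.2 Command document as a plain dict."""
    return {
        "schemaVersion": "2.2",
        "description": "Certbot Install on EC2",
        "parameters": PARAMETERS,
        "mainSteps": [{"action": "aws:runShellScript",
                       "name": "configureServer",
                       "inputs": {"runCommand": RUN_COMMAND}}],
    }


def undeclared_placeholders(doc):
    """Placeholders used in runCommand that no parameter declares (sorted)."""
    used = set()
    for step in doc["mainSteps"]:
        for line in step["inputs"].get("runCommand", []):
            used.update(PLACEHOLDER.findall(line))
    return sorted(used - set(doc["parameters"]))


def missing_required(doc, association_params):
    """Parameters without a default that the association does not supply."""
    return sorted(name for name, spec in doc["parameters"].items()
                  if "default" not in spec and name not in association_params)


def rejected_values(doc, association_params):
    """Association values that SSM would reject against allowedPattern."""
    bad = []
    for name, value in association_params.items():
        pattern = doc["parameters"].get(name, {}).get("allowedPattern")
        if pattern and not re.fullmatch(pattern, value):
            bad.append(name)
    return sorted(bad)


def render_json(doc):
    """Content for file("./ssm-content.json"); json.dumps cannot mis-indent."""
    return json.dumps(doc, indent=2) + "\n"


if __name__ == "__main__":
    doc = build_document()
    # Constructed association parameters, mirroring ssm-certbot.tf.
    assoc = {"certDomains": "example.com,www.example.com",
             "certName": "mycertName", "contactEmail": "blah@blah.com"}
    print("undeclared placeholders:", undeclared_placeholders(doc))
    print("missing required:", missing_required(doc, assoc))
    # The comma-space format breaks the -d argument; allowedPattern catches it.
    print("rejected:", rejected_values(doc, {**assoc, "certDomains": "example.com, www.example.com"}))
    print(render_json(doc))
```

Run it once to write ssm-content.json and read the three check lines; an empty list on each means the document and the association agree. The allowedPattern fields are the security-relevant part: SSM parameters are substituted verbatim into a root shell line, so constraining them at the document level keeps a mistyped or tampered association value from turning into extra shell commands on the instance.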
Creating a cert in --standalone mode

In standalone mode certbot binds port 80 itself to answer the HTTP-01 challenge, so no web root is needed, but port 80 must be free and reachable from the internet while the command runs.

sudo yum -y install yum-utils
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
sudo yum -y install certbot
sudo certbot register --server {{ ServerProvisioningUrl }} -m {{ contactEmail }} --no-eff-email
sudo certbot certonly --standalone --server {{ ServerProvisioningUrl }} --cert-name {{ certName }} -d {{ certDomains }} > /home/certbotrun.txt