Letsencrypt automation using certbot dns challenge and storing the certificate to s3-compatible object storage

Requires Python 3

• Install certbot specific to your system, from here https://certbot.eff.org/
• Install lexicon from here https://github.com/AnalogJ/lexicon

Clone the repo

git clone https://github.com/minayousseif/acme-bot.git

Install the requirements

python3 -m pip install -r requirements.txt

You can use the cli to create a configuration file

./acmebot config -h

or create a json formatted configuration file using any text editor, name it config.json and place it inside the project root.

config.json example:

{
    "domains": {
        "route53": [
            "example.com", 
            "www.example.com", 
            "sub1.example.com",
            "sub2.example.com"
        ]
    }, 
    "lexicon": {
        "path": "/path/to/bin/lexicon"
    }, 
    "certbot": {
        "path": "/path/to/bin/certbot"
    }
}

then set the needed environment variables

export DNS_PROVIDER_USERNAME=your_domain_provider_username
export DNS_PROVIDER_AUTH_TOKEN=your_domain_provider_token
export AWS_ACCESS_KEY=your_aws_access_key
export AWS_SECRET_KEY=your_aws_secret_key
export AWS_REGION=your_aws_region
export CERTS_BUCKET_NAME=the_certs_bucket_name

Optional, if you want to add acmebot to your PATH.

cd /usr/bin
ln -s /path/to/the/acme-bot/acmebot acmebot

to learn how you can let's encrypt ssl certificates run:

./acmebot -h

a Python script that runs as a service to check for SSL certificates updates.

for more details please refer to acme-client readme

THE SCRIPT IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHOR OR COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SCRIPT OR THE USE OR OTHER DEALINGS IN THE SCRIPT.