Comments (11)
Which validation method? (I'm assuming http) Do you see the files being created in the S3 bucket?
Can you give any further details?
Also, if you're just looking to have SSL and not letsencrypt specifically, please note that AWS has free certs through ACM now. https://aws.amazon.com/certificate-manager/
from lambda-letsencrypt.
HTTP, yes, this is my config:
# DIRECTORY_URL = 'https://acme-staging.api.letsencrypt.org/directory'
DIRECTORY_URL = 'https://acme-v01.api.letsencrypt.org'
# Number of bits to use for your Lets-Encrypt User Key
# Leave alone if you don't know what this is
USERKEY_BITS = 2048
# The AWS region your resources exist in
AWS_REGION = 'us-east-1'
# The SNS topic to send messages to(Set to None to disable)
SNS_TOPIC_ARN = "arn:aws:sns:us-west-2:----------:letsencrypt-lambda-notify"
# S3 Bucket where we'll store the Lets-Encrypt user key and necessary files
# These files will be stored in a subdomain
S3CONFIGBUCKET = "---.---.com"
# The number of bits for your certificate
# Leave alone if you don't know what this is
CERT_BITS = 2048
# The email you want to register with Lets-Encrypt
# (Can be used for account recovery and things)
EMAIL = "[email protected]"
# The S3 Bucket to be used for Challenge Validation
S3CHALLENGEBUCKET = "---.---.com"
# This is the list of all domains you want to validate with Lets-Encrypt, as
# well as the available validation methods
DOMAINS = [
    {
        "DOMAIN": "---.---.com",
        "VALIDATION_METHODS": []
    }
]
# This is the list of CloudFront IDs and list of domains that will be present
# on the ssl cert for the Distribution.
SITES = [
    {
        "DOMAINS": [
            "---.---.com"
        ],
        "CLOUDFRONT_ID": "E2E0000000000"
    }
]
Here's the rest of the files, if you want to double check. It's what #14 generated: Archive.zip
On S3 I see the file letsencrypt/letsencrypt_user.json
with the content:
{"url": "https://acme-v01.api.letsencrypt.org/acme/reg/2222479", "keybits": 2048, "key": "-----BEGIN RSA PRIVATE KEY-----\n00000000keeeeeeeeyyyyyyyyyy00000000\n-----END RSA PRIVATE KEY-----\n", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}
ACM unfortunately needs email access, which I don't have on this site, hence Let's Encrypt.
from lambda-letsencrypt.
@bfred-it did you ever get this working?
from lambda-letsencrypt.
I ended up getting ACM by contacting the email/domain holders :)
from lambda-letsencrypt.
Bummer, I think I'm exactly where you were. I feel like I am close to getting this to work.
Any ideas @MrMMorris?
from lambda-letsencrypt.
@er-c I feel like with the OP's issue, I just had to wait until it ran again? Although I did run into other issues with the DIRECTORY_URL still pointing to staging, and the buckets needing to have more open permissions. I do currently have it working and serving certs, so I am happy to help.
Here is the script I am currently using. It has a couple changes from PRs that are currently open:
https://gist.github.com/MrMMorris/fea267eb32ce51ad051e44e1032d97d2
from lambda-letsencrypt.
Thanks. I'll probably try this at the end of the week. For now I resorted to using Amazon's internal cert manager. But I'd like to have this option in my quiver. Appreciate the gist. Have a good one.
from lambda-letsencrypt.
ok so now that my cert is up for renewal, I am also getting the same error.
I have no idea what I did if anything to fix it last time, but it seems like it doesn't have anything to do with the code.
Anyone able to figure this out?
from lambda-letsencrypt.
so I figured out how to fix it and what I did last time:
delete this file: <config-s3-bucket>/<domain-name>/authzr-*
Maybe the script should be doing this itself?
from lambda-letsencrypt.
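The manual fix in the comment above, written out as an added example (not code from lambda-letsencrypt or from the commenter). It assumes the `<config-s3-bucket>/<domain-name>/authzr-*` key layout quoted in that comment and a boto3 S3 client; the function names and the `clear_authzr.py` script name are hypothetical.

```python
"""Clear cached ACME authorization records (authzr-*) for one domain."""
import sys


def stale_authzr_keys(s3, bucket, domain):
    """List keys matching <domain>/authzr-* in the config bucket."""
    # The trailing "/authzr-" keeps the match inside this domain's folder, so
    # look-alike prefixes and the account key object are never selected.
    prefix = domain.strip("/") + "/authzr-"
    keys = []
    pages = s3.get_paginator("list_objects_v2").paginate(Bucket=bucket, Prefix=prefix)
    for page in pages:
        keys.extend(obj["Key"] for obj in page.get("Contents", []))
    return sorted(keys)


def delete_stale_authzr(s3, bucket, domain, dry_run=True):
    """Return the matching keys; delete them only when dry_run is False."""
    keys = stale_authzr_keys(s3, bucket, domain)
    if dry_run:
        return keys
    for start in range(0, len(keys), 1000):  # delete_objects takes at most 1000 keys
        batch = [{"Key": key} for key in keys[start:start + 1000]]
        resp = s3.delete_objects(Bucket=bucket, Delete={"Objects": batch, "Quiet": True})
        if resp.get("Errors"):
            raise RuntimeError("could not delete: %r" % resp["Errors"])
    return keys


if __name__ == "__main__":
    import boto3  # imported here so the helpers can be tested without AWS access

    if len(sys.argv) < 3:
        sys.exit("usage: clear_authzr.py <config-s3-bucket> <domain-name> [--delete]")
    removed = delete_stale_authzr(boto3.client("s3"), sys.argv[1], sys.argv[2],
                                  dry_run="--delete" not in sys.argv[3:])
    for key in removed:
        print(key)
```

Without `--delete` the script only lists what it would remove, which lets the delete permission on the config bucket stay scoped to the role that actually runs the cleanup.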
@MrMMorris this sounds like what I took care of recently in #29, although I was encountering different expiration related messages that led to that.
from lambda-letsencrypt.