
Comments (11)

ubergeek42 avatar ubergeek42 commented on August 11, 2024

Which validation method? (I'm assuming http.) Do you see the files being created in the S3 bucket?

Can you give any further details?

Also, if you're just looking to have ssl and not letsencrypt specifically, please note that AWS has free certs through ACM now. https://aws.amazon.com/certificate-manager/

from lambda-letsencrypt.

fregante avatar fregante commented on August 11, 2024

HTTP, yes, this is my config:

# DIRECTORY_URL = 'https://acme-staging.api.letsencrypt.org/directory'
DIRECTORY_URL = 'https://acme-v01.api.letsencrypt.org'

# Number of bits to use for your Lets-Encrypt User Key
# Leave alone if you don't know what this is
USERKEY_BITS = 2048

# The AWS region your resources exist in
AWS_REGION = 'us-east-1'

# The SNS topic to send messages to(Set to None to disable)
SNS_TOPIC_ARN = "arn:aws:sns:us-west-2:----------:letsencrypt-lambda-notify"

# S3 Bucket where we'll store the Lets-Encrypt user key and necessary files
# These files will be stored in a subdomain
S3CONFIGBUCKET = "---.---.com"

# The number of bits for your certificate
# Leave alone if you don't know what this is
CERT_BITS = 2048

# The email you want to register with Lets-Encrypt
# (Can be used for account recovery and things)
EMAIL = "[email protected]"

# The S3 Bucket to be used for Challenge Validation
S3CHALLENGEBUCKET = "---.---.com"

# This is the list of all domains you want to validate with Lets-Encrypt, as
# well as the available validation methods
DOMAINS = [
    {
        "DOMAIN": "---.---.com", 
        "VALIDATION_METHODS": []
    }
]

# This is the list of CloudFront IDs and list of domains that will be present
# on the ssl cert for the Distribution.
SITES = [
    {
        "DOMAINS": [
            "---.---.com"
        ], 
        "CLOUDFRONT_ID": "E2E0000000000"
    }
]

Here's the rest of the files, if you want to double check. It's what #14 generated: Archive.zip

On S3 I see the file letsencrypt/letsencrypt_user.json with the content:

{"url": "https://acme-v01.api.letsencrypt.org/acme/reg/2222479", "keybits": 2048, "key": "-----BEGIN RSA PRIVATE KEY-----\n00000000keeeeeeeeyyyyyyyyyy00000000\n-----END RSA PRIVATE KEY-----\n", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}

ACM unfortunately needs email access, which I don't have on this site, hence Let's Encrypt.


MrMMorris avatar MrMMorris commented on August 11, 2024

@bfred-it did you ever get this working?


fregante avatar fregante commented on August 11, 2024

I ended up getting ACM by contacting the email/domain holders :)


BTCCoffeeTable avatar BTCCoffeeTable commented on August 11, 2024

@bfred-it,

Bummer, I think I'm exactly where you were. I feel like I am close to getting this to work.

Any ideas, @MrMMorris?


MrMMorris avatar MrMMorris commented on August 11, 2024

@er-c I feel like with the OP's issue, I just had to wait until it ran again? Although I did run into other issues with the DIRECTORY_URL still pointing to staging, and the buckets needing to have more open permissions. I do currently have it working and serving certs, so I am happy to help.

Here is the script I am currently using. It has a couple of changes from PRs that are currently open:

https://gist.github.com/MrMMorris/fea267eb32ce51ad051e44e1032d97d2


BTCCoffeeTable avatar BTCCoffeeTable commented on August 11, 2024

@MrMMorris

Thanks. I'll probably try this at the end of the week. For now I resorted to using Amazon's Internal Cert manager. But I'd like to have this option in my quiver. Appreciate the gist. Have a good one.


MrMMorris avatar MrMMorris commented on August 11, 2024

ok so now that my cert is up for renewal, I am also getting the same error.

I have no idea what I did if anything to fix it last time, but it seems like it doesn't have anything to do with the code.

Anyone able to figure this out?


MrMMorris avatar MrMMorris commented on August 11, 2024

so I figured out how to fix it and what I did last time:

delete this file: <config-s3-bucket>/<domain-name>/authzr-*

Maybe the script should be doing this itself?

from lambda-letsencrypt.
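
The manual fix in the comment above, written as a cleanup step a renewal job could run before requesting new authorizations. This is an added example, not code from lambda-letsencrypt or from anyone in the thread. It assumes the `<domain-name>/authzr-*` key layout quoted above and a boto3 S3 client passed in as `s3`; `purge_cached_authzr` and `FakeS3` are hypothetical names, and the object keys are constructed.

```python
def purge_cached_authzr(s3, bucket, domain, dry_run=False):
    """Delete <domain>/authzr-* objects; return the keys that matched."""
    if not domain or "/" in domain:
        # A slash would let the prefix reach other folders in the bucket.
        raise ValueError("domain must be a single hostname")
    prefix = f"{domain}/authzr-"
    removed, token = [], None
    while True:
        kwargs = {"Bucket": bucket, "Prefix": prefix}
        if token:
            kwargs["ContinuationToken"] = token
        page = s3.list_objects_v2(**kwargs)
        # Re-check the prefix so nothing outside it (for example the
        # account key in letsencrypt/letsencrypt_user.json) is ever deleted.
        keys = [o["Key"] for o in page.get("Contents", [])
                if o["Key"].startswith(prefix)]
        if keys and not dry_run:
            # One listing page holds at most 1000 keys, the delete_objects limit.
            s3.delete_objects(Bucket=bucket,
                              Delete={"Objects": [{"Key": k} for k in keys]})
        removed.extend(keys)
        if not page.get("IsTruncated"):
            return removed
        token = page["NextContinuationToken"]


class FakeS3:
    """Constructed in-memory stand-in for the boto3 client (offline runs)."""

    def __init__(self, keys, page_size=2):
        self.keys, self.page_size = sorted(keys), page_size

    def list_objects_v2(self, Bucket, Prefix, ContinuationToken=""):
        # Key-based continuation, so deleting between pages skips nothing.
        hits = [k for k in self.keys
                if k.startswith(Prefix) and k > ContinuationToken]
        chunk = hits[:self.page_size]
        out = {"Contents": [{"Key": k} for k in chunk],
               "IsTruncated": len(hits) > len(chunk)}
        if out["IsTruncated"]:
            out["NextContinuationToken"] = chunk[-1]
        return out

    def delete_objects(self, Bucket, Delete):
        gone = {o["Key"] for o in Delete["Objects"]}
        self.keys = [k for k in self.keys if k not in gone]
```

Running it once with `dry_run=True` shows which keys would go before anything is deleted.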

aripringle avatar aripringle commented on August 11, 2024

@MrMMorris this sounds like what I took care of recently in #29, although I was encountering different expiration related messages that led to that.


MrMMorris avatar MrMMorris commented on August 11, 2024
