AWS LightSail - Certbot Auto-Renewal

My domain is: (Domain needs to transfer)

I followed this guide from AWS:

and I successfully got this done without any issue. The last line from the guide above:
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
I used this command to get the certificate.

Now I need to put this certbot on auto-renewal, but AWS doesn't have any guide on that. I did find one Let's Encrypt GitHub issue, though.
In a comment the guy clearly states that:

Certificates that are created using --manual (and without an authentication hook) cannot be automatically renewed

What command do I need to run to get auto-renewal for my certificate when I used manual from the guide above?

You cannot auto renew any --manual method as it requires, well, manual intervention.

The GitHub post you linked to was by a Certbot developer, so it is the most credible answer you can get for Certbot. You can also see the certbot docs (here), which say the same.

There are ways to automate a DNS Challenge for a wildcard cert. But, I am not sure Lightsail has an API to allow that. I could be wrong but I don't think it uses, say, Route53 in the same way as EC2 for example. There are not many Lightsail experts on this forum but perhaps one will confirm or deny this.

The AWS doc you linked was for LAMP, but another AWS doc for Lightsail / Bitnami for WordPress explains how to use the bncert tool in Bitnami to auto-renew certs. The drawback is it does not work for wildcard certs. A wildcard cert requires a DNS Challenge, which is often harder to set up than the HTTP Challenge that can be used for non-wildcard certs. Maybe this would work for you if you don't require a wildcard.

Below is this other AWS doc I describe; perhaps you will find it helpful. A warning to read it very carefully. There are subtle differences in steps depending on your config.


Thanks for the quick reply. As we are not using WordPress, I don't think the link you shared will work for me.

Can you please tell me whether removing the complete certificate (all files and folders) will create any issue in future when getting a new certificate again without the manual tag?

Our current setup is based on LAMP (Lightsail) with Debian 10.xx. If we uninstall and reinstall with auto-renewal in mind, would that help us?


The instructions you posted were for Bitnami on Lightsail. The bncert tool on that is more versatile than just for WordPress. But only you know if it can help in your case.

Do you plan to use the Lightsail DNS Zone?

Is a wildcard cert essential?

You should also review this topic to understand some basic options.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
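
The constraint discussed in this thread (a certificate issued with --manual and no authentication hook cannot be renewed automatically) can be checked on a server before a certificate silently expires. The script below is an added example, not part of the original posts and not Certbot's own code. It assumes Certbot's per-certificate renewal files record `authenticator` and `manual_auth_hook` under `[renewalparams]`; the sample files and hook path are constructed.

```shell
#!/usr/bin/env bash
# Added example: list certbot lineages that unattended renewal cannot handle.

# Print the name of every lineage in directory $1 whose [renewalparams] use
# the manual authenticator with no manual_auth_hook configured.
manual_without_hook() {
    local dir=$1 conf
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        awk -F' *= *' '
            /^\[/ { in_params = ($0 == "[renewalparams]"); next }
            in_params && $1 == "authenticator" { auth = $2 }
            in_params && $1 == "manual_auth_hook" && $2 != "" && $2 != "None" { hook = 1 }
            END { exit !(auth == "manual" && !hook) }
        ' "$conf" && basename "$conf" .conf
    done
    return 0
}

# Constructed sample renewal files (not taken from the thread): one lineage
# issued with --manual only, one with a hook, one using the webroot plugin.
make_sample() {
    local d
    d=$(mktemp -d)
    printf '%s\n' 'version = 1.0.0' '[renewalparams]' \
        'authenticator = manual' 'pref_challs = dns-01,' \
        > "$d/example.com.conf"
    printf '%s\n' 'version = 1.0.0' '[renewalparams]' \
        'authenticator = manual' 'pref_challs = dns-01,' \
        'manual_auth_hook = /usr/local/bin/dns-auth.sh' \
        > "$d/hooked.example.conf"
    printf '%s\n' 'version = 1.0.0' '[renewalparams]' \
        'authenticator = webroot' \
        > "$d/web.example.conf"
    echo "$d"
}

sample=$(make_sample)
manual_without_hook "$sample"
rm -rf "$sample"
```

On a real host, point the function at Certbot's renewal directory, normally `/etc/letsencrypt/renewal`. Any name it prints needs either a hook or a DNS plugin before `certbot renew` can succeed unattended.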