Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: ./certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html --no-self-upgrade -d twosteptest.gvsmb.com
It produced this output:
Had a problem while installing Python packages.
pip prints the following errors:
Collecting ConfigArgParse==1.2.3 (from -r /tmp/tmp.w5lZmnhDrz/letsencrypt-auto-requirements.txt (line 12))
Could not fetch URL https://pypi.python.org/simple/configargparse/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727) - skipping
Could not find a version that satisfies the requirement ConfigArgParse==1.2.3 (from -r /tmp/tmp.w5lZmnhDrz/letsencrypt-auto-requirements.txt (line 12)) (from versions: )
No matching distribution found for ConfigArgParse==1.2.3 (from -r /tmp/tmp.w5lZmnhDrz/letsencrypt-auto-requirements.txt (line 12))
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
output.
Actually, I provisioned an EC2 instance and deployed an nginx container in it. Inside the nginx container I am trying to install snapd and generate certificates for the DNS. While installing snapd I am getting the below error. error: cannot communicate with server: Post http://localhost/v2/snaps/certbot: dial unix /run/snapd.socket: connect: no such file or directory
From AWS Route 53 I created a record set (DNS) and mapped it to the above bastion load balancer; due to that two were generated, I think.
Please guide me through the steps to install Certbot for the nginx container which is deployed in the AWS bastion instance, and also the steps for generating the certificates for DNS.
snapd is pre-installed in Ubuntu. I recommend installing Certbot on your host (not the nginx container) using the pre-installed snap according to the instructions linked to by @osiris earlier in this thread.
You then set up volume statements in your nginx container to allow it to use the cert files in your host.
You describe a load balancer. How many servers will operate behind the load balancer? Because if there will be a large number you will run into Rate Limit problems. In these cases you should set up one server to obtain the certs and then distribute them to the other EC2 instances as needed.
And, if you are using an AWS Load Balancer why not just use AWS ACM instead? This would avoid needing to request your own certs.
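The host-side Certbot plus container volume layout described in the reply above, as an added example that is not part of the original posts. The host webroot `/srv/webroot`, the container name `nginx`, the `nginx:stable` image tag and the `./nginx/site.conf` file are assumptions made for illustration.

```yaml
# docker-compose.yml (constructed example; paths and names are assumptions)
#
# Certbot runs on the EC2 host, not in the container, e.g.:
#   sudo certbot certonly --webroot -w /srv/webroot \
#        -d twosteptest.gvsmb.com \
#        --deploy-hook "docker exec nginx nginx -s reload"
# The deploy hook runs after each successful issuance or renewal, so the
# container picks up the new certificate without a restart.
services:
  nginx:
    image: nginx:stable
    container_name: nginx
    ports:
      - "80:80"     # must stay reachable for the HTTP-01 webroot challenge
      - "443:443"
    volumes:
      # Mount the whole /etc/letsencrypt tree, read-only. The files under
      # live/<domain>/ are symlinks into archive/<domain>/, so mounting
      # only live/ leaves dangling links inside the container.
      - /etc/letsencrypt:/etc/letsencrypt:ro
      # Host directory where Certbot writes .well-known/acme-challenge/
      # tokens; nginx serves it from its default document root.
      - /srv/webroot:/usr/share/nginx/html:ro
      # Server block (hypothetical file) that references the mounted certs:
      #   ssl_certificate     /etc/letsencrypt/live/twosteptest.gvsmb.com/fullchain.pem;
      #   ssl_certificate_key /etc/letsencrypt/live/twosteptest.gvsmb.com/privkey.pem;
      - ./nginx/site.conf:/etc/nginx/conf.d/default.conf:ro
    restart: unless-stopped
```

The read-only mounts keep the private key and ACME account data writable only from the host, so a compromise of the web container cannot replace the certificate or key on disk.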
Previously, the deprecated certbot-auto could be installed in the nginx container and was able to generate the cert files. Now why are we not able to install Certbot in the nginx container?
I'm using AWS Load Balancer with AWS ACM only; after generating the cert files I will upload them to ACM.
Guide me through the steps to install Certbot in the nginx container and generate cert files using Certbot.
AWS docs and support are better references for server design.
If the Load Balancer terminates TLS you need certs there anyway and I believe you can set that up in the Console.
I think the Network Load Balancer just passes requests through to your EC2 which would then need certs. But, again, if you have a large number of these instances rate limits are a concern. If you are auto-scaling then you should obtain and keep certs from a central location and have your other EC2 instances get those at startup and periodically.
Design of load balancers, multiple servers, and certs is a complex undertaking. AWS is also complex and there are many different services and ways to do things.