Certificate renew failure with AWS route 53

agranville · February 3, 2019, 11:38pm

I have successfully issued a wildcard certificate for my domain, using route 53 challenge. I have followed the instructions described in Christopher Muller's post about configuring Letsencryt wildcard certificate using aws 53 route.

The certificate was issued 85 days ago and now I am trying to renew the certificate without any success. I have tried the command below but certbot returns an error stating that was unable to locate the credentials.

certbot renew --dns-route53 --logs-dir /home/ubuntu/letsencrypt/log/ --config-dir /home/ubuntu/letsencrypt/config/ --work-dir /home/ubuntu/letsencrypt/work/ --non-interactive --server https://acme-v02.api.letsencrypt.org/directory

My credentials are stored in a file named credentials in the folder ubuntu/.aws

What is annoying to me is that I was able to issue the wildcard certificate in first place. Why certbot wouldn't find the credentials when trying to renew the certificate?

_az · February 3, 2019, 11:46pm

If you run Certbot as root, then it expects the file to be located in the /root/.aws/ directory.

Maybe the problem is that you initially ran it via sudo, but since the renewal is in the root user’s cron, there is a mismatch as to which $HOME directory is used to locate the config file?

agranville · February 4, 2019, 12:02am

Thank you very much _az. My credentials where on ubuntu home and I was logged as root. I switched back to ubuntu and it worked now.

system · March 6, 2019, 12:02am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.