Check cert status if does not exist create it

Hi everybody,

I am trying to create a certificate to be used in AWS beanstalk instance.
I have a script in place that creates the cert with no problem, but the issue is that every time, the instance is deployed the script is being run and create the a new cert for the domain and there is a limitation in the number of cert you can create for a specific domain.

so what I need right now is to check if the cert exist and if it does exist do not create it and if the cert does not exist create it.

can anybody help me to put that logic together please? I appreciate all the help in advance.

Thank you,

1 Like

That's something every ACME client should do.

Without A LOT more details perhaps, but not with this little info.


I can give some tips. Are you using a single instance or a load balancer beanstalk environ? The answer affects the overall architecture of your solution but the key factor is you need to store and retrieve the cert from persistent storage. There are various methods for that ... you could just use S3. For larger EC2 instances there is the Nitro Enclave but I am not sure those are supported by beanstalk. There are other AWS options for persistent storage.

You might find this topic helpful if scaling in load balancer:
How to use Let's Encrypt with multiple servers



Thanks for your suggestion, I have a working scenario using s3 and during the deploy pulling the files from there. but the problem with that solution is that you have to manually replace the cert when it expires. I want something more automated so I do not have to manually renew the cert.
The current script I have works fine create it. I just need to put the conditional in place like

If the cert exist => do nothing 
if the crert does not exist => run this command/script



I am puzzled. If you can create the cert why not just create another one when the last is close to expiry? Then write that to S3. AWS has a robust API



Thank you, I will check on that.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.