Has anyone tried to install LE certs on Elastic Beanstalk?


#1

They’ve had requests to build in the service, but I’m assuming that doing this now will involve manual cert generation and manual install?


#2

OK, I got this working, and will be writing up the experience.


#3

#4

Can you elaborate on how you completed this portion. I’m currently using Elastic Beanstalk, but not using Docker yet. How do I create a file with the specified content when letsencrypts prompts for it?


#5

answered on my post. the key is configuring “static files”.


#6

I am working on setting up a cert for EB at the moment. I attempted to run the following command:

./letsencrypt-auto certonly -d nickandgrace.us -v

I am getting the following stack trace:

2016-01-09 14:45:25,793:DEBUG:letsencrypt.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 115, in _solve_challenges
    dv_resp = self.dv_auth.perform(self.dv_c)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/plugins/standalone.py", line 205, in perform
    "At least one of the (possibly) required ports is "
MisconfigurationError: At least one of the (possibly) required ports is already taken.

2016-01-09 14:45:25,794:DEBUG:letsencrypt.error_handler:Calling registered functions
2016-01-09 14:45:25,794:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-01-09 14:45:25,835:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 11, in 
    sys.exit(main())
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1396, in main
    return args.func(args, config, plugins)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 598, in obtain_cert
    _auth_from_domains(le_client, config, domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 402, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 80, in get_authorizations
    cont_resp, dv_resp = self._solve_challenges()
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 115, in _solve_challenges
    dv_resp = self.dv_auth.perform(self.dv_c)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/plugins/standalone.py", line 205, in perform
    "At least one of the (possibly) required ports is "
MisconfigurationError: At least one of the (possibly) required ports is already taken.

Any ideas where to start digging on this one. I am running this command from one of my elastic beanstalk EC2 hosts.


#7

I don’t think that approach can work.


#8

Heres a solution that is automated for getting free Letsencrypt ssl certs onto single instance elastic beanstalk node servers:
http://bluefletch.com/blog/domain-agnostic-letsencrypt-ssl-config-for-elastic-beanstalk-single-instances/