Sub-domain cert for AWS S3 bucket

Hello - my domain ( is hosted with - they set up the Let's Encrypt Cert for it, and I have no idea what or how they did it.
We use AWS S3 to serve files for our website, and I would like to LE it :slight_smile:

My domain is: My sub-domain is:

I ran this command: I haven't done a thing but -read read read, and I'm still confused.

My web server is (include version): I have tried to find this info for AWS S3, but I cannot.
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Shared hosting at

I can login to a root shell on my machine (yes or no, or I don't know): I don't know - for S3
No - for rosehosting

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Cpanel - 92.0.9

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I am not


Last I checked, you cannot attach an SSL certificate directly to S3.

You need to put your S3 bucket behind a Cloudfront distribution first. Then you point your domain at the Cloudfront distribution, instead of directly at S3.

From there, Amazon can give you a free and automatically renewing certificate for your Cloudfront distribution via ACM.

No need to use Let's Encrypt at all, Cloudfront+ACM is pretty convenient.


I realized that my post might read like a bunch of gobbledygook so here's some tutorials which describe the same thing in a friendlier way:


Oh, not at all.... that's just what I needed - a clear path to achieve the goal. I read all kinds of contradictory things, so thank you very much.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.