Want to set up SSL certificates with Let's Encrypt

Based on our requirement, we are offering private labeling, so we may have 1,000s of domains for which we may need to generate SSL automatically


#1

Please help with how we can start with Let’s Encrypt to generate SSL on demand. We are using AWS CloudFront to host our React app

My web server is (include version): AWS CloudFront

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AWS


#2

Hi @Jagjit

Do you need certificates for 1000 different domains? This isn’t a problem. Best solution - create your own client. Or use one of the clients:

But with a lot of own domains, the options of standard clients may not be good. That depends on your software.

Sample: Can you automatically create files in domain1.com/.well-known/acme-challenge/tokenfilename ? And so on to domain1000.com? Or can you catch all traffic to /.well-known/acme-challenge/ and redirect that internally to a single directory

/own-acme-challenge/domain1.com.tokenfilename.txt

so that you are able to save all files in one directory?

Restrictions are per domain name (20 certificates per week, one certificate may have a lot of subdomains).

Or do you need 1000 subdomains? Perhaps you can use a wildcard-certificate.
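
The single-directory layout suggested in the reply above, sketched as an added example (not part of the original thread or of any ACME client). The `<domain>.<token>.txt` naming follows the reply; the function names, the WSGI wrapper and the sample token are assumptions. Because the Host header and the path both come from the requester, each is allow-listed before it is used in a file name.

```python
import os
import re
import tempfile

PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")  # base64url alphabet (RFC 8555)
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label


def challenge_file(root, host, url_path):
    """Map Host header + request path to a file in the shared directory, or None."""
    if not url_path.startswith(PREFIX):
        return None
    token = url_path[len(PREFIX):]
    name = host.lower().rsplit(":", 1)[0].rstrip(".")  # drop port and trailing dot
    labels = name.split(".")
    ok = TOKEN_RE.fullmatch(token) and len(name) <= 253 and len(labels) >= 2
    if not ok or not all(LABEL_RE.fullmatch(label) for label in labels):
        return None  # hostile or malformed input never reaches the file system
    path = os.path.join(root, f"{name}.{token}.txt")
    return path if os.path.isfile(path) else None


def app(root):
    """Minimal WSGI app that serves key authorizations from `root`."""
    def handler(environ, start_response):
        path = challenge_file(root, environ.get("HTTP_HOST", ""), environ.get("PATH_INFO", ""))
        if path is None:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]
        with open(path, "rb") as fh:
            body = fh.read()
        start_response("200 OK", [("Content-Type", "application/octet-stream")])
        return [body]
    return handler


def demo():
    """Constructed sample: one pending challenge for domain1.com, four requests."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "domain1.com.tok_EN-1.txt"), "w") as fh:
        fh.write("tok_EN-1.constructed-thumbprint")
    requests = [("domain1.com:80", "tok_EN-1"), ("domain2.com", "tok_EN-1"),
                ("../../etc", "passwd"), ("domain1.com", "../secret")]
    seen = []
    for host, token in requests:
        environ = {"HTTP_HOST": host, "PATH_INFO": PREFIX + token}
        app(root)(environ, lambda status, headers: seen.append(status))
    return seen
```

Only the first request in `demo()` is answered with the stored key authorization; the unknown domain and both traversal attempts get a 404.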


#3

Hi,

If you are using AWS CloudFront, the best option for you is to use ACM (Amazon’s own certificate management),
which would let you issue & renew certificates automatically (with only one setup, a CNAME record).

Thank you


#4

@JuergenAuer Thanks for your reply. Actually, as per our requirement we may have a combination of domains/sub-domains that may reach any limit, as we are offering private labeling for our website that is built with React and hosted on AWS CloudFront. Moreover, we are allowing our customers to create custom HTML pages from our app and we are offering them to open these from any domain that they provide to us… I read an article from https://medium.com/@richardkall/setup-lets-encrypt-ssl-certificate-on-amazon-cloudfront-b217669987b2 and installed Python and certbot on my machine… I want the proper command that I need to run and how to run it with certbot… I see the below script

$ AWS_ACCESS_KEY_ID=<ACCESS_KEY>
AWS_SECRET_ACCESS_KEY=<SECRET_ACCESS_KEY>
letsencrypt --agree-tos -a letsencrypt-s3front:auth
-i letsencrypt-s3front:installer
--letsencrypt-s3front:auth-s3-bucket
--letsencrypt-s3front:auth-s3-region
--letsencrypt-s3front:installer-cf-distribution-id <DISTRIBUTION_ID> -d

Please help me with how to generate SSL with certbot from my CloudFront AWS with the proper command.


#5

@stevenzhu Yes, we can use AWS Certificate Manager, but we have a problem with them because one AWS certificate only offers max 10 domains and one CloudFront only supports one certificate. Can you please help me to generate the SSL certificate from my AWS CloudFront from my Windows machine…


#6

Hi,

You could open a case with AWS support and request to have up to 100 domains per certificate…

That’s not able to change… But even if you are using Let’s Encrypt services, you still have the same limits… (And you’ll need to edit each CloudFront node every 90 days)

Thank you


#7

@stevenzhu That’s fine, we can even increase the number of CloudFront distributions, that’s not the issue. At this time I just want to try to create the SSL using Let’s Encrypt but got stuck in between. Can you please help me with how to run the command with certbot, as I installed it with the Python command line. Just help me to create the SSL with Let’s Encrypt, that would be a great help


#8

Hi,

Did you install certbot on the machine where you host those apps?

If so, please try running certbot certonly and follow the directions …

The command above will get you 50% to your destination… It would provide you the certificates you needed, and you’ll need to manually import those to AWS ACM…

Thank you


#9

But you also mention “1000 domains”, “on demand” and “automatically”.

That doesn’t really compute with “Can you please help me to generate the SSL certificate from my AWS CloudFront from my Windows machine…”.

Perhaps it’s best to take a look at this page:


#10

I followed this link https://medium.com/@richardkall/setup-lets-encrypt-ssl-certificate-on-amazon-cloudfront-b217669987b2 and they are showing this script to run:
AWS_ACCESS_KEY_ID=<ACCESS_KEY>
AWS_SECRET_ACCESS_KEY=<SECRET_ACCESS_KEY>
letsencrypt --agree-tos -a letsencrypt-s3front:auth
-i letsencrypt-s3front:installer
--letsencrypt-s3front:auth-s3-bucket
--letsencrypt-s3front:auth-s3-region
--letsencrypt-s3front:installer-cf-distribution-id <DISTRIBUTION_ID> -d

Please help me with how I need to run this script.

And I installed certbot on my local machine, so now I need to create the SSL from my own machine and need to upload it to AWS. Please guide me with simple steps, as there are not enough docs for doing it from a Windows machine.


#11

I’m sorry but I don’t know how to run those commands…

Thank you


#12

@Osiris thanks for your reply. I am checking it now.

