feat!: 🏗 restructure using docker

[j3ko]

Docker is now used for deployment. Route 53 functionality has been removed temporarily.

[j3ko]

https://certbot.eff.org/instructions?ws=other&os=pip

[j3ko]

https://stackoverflow.com/a/76577462/314211

curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d '{"payload":"hello world!"}'

[j3ko]

docker build -t acm-autorenew --no-cache --progress=plain .

docker run -p 9000:8080 --env-file=./.env acm-autorenew

[j3ko]

https://stackoverflow.com/a/71105923/314211

[j3ko]

https://docs.aws.amazon.com/lambda/latest/dg/python-image.html#python-image-instructions

[j3ko]

https://stackoverflow.com/questions/29908036/passing-access-and-secret-key-aws-cli

[j3ko]

domain ::= name | wildcard | domain "," domain ;
name ::= component ( "." component )* ;
component ::= letter ( letter | digit )* ;
wildcard ::= "*." name ;

[j3ko]

Scripts

Build

docker build -t aws-certbot-build.

Run Locally

docker run -it --rm --env-file=./.env -v /var/run/docker.sock:/var/run/docker.sock aws-certbot-build

Deployment

docker run -it --rm --env-file=./.env -v /var/run/docker.sock:/var/run/docker.sock aws-certbot-build ./deploy.sh

[j3ko]

AWS-Certbot

Auto renew letsencrypt.org SSL certificates provisioned on ACM.

Pre-requisites

• Docker v24+

Quick Start

1. git clone [email protected]:j3ko/aws-certbot.git
   

2. cd aws-certbot
   

3. Edit .env.sample and fill the required fields

4. Build the docker image

   docker build -t aws-certbot-builder .

5. Run aws-certbot locally

   docker run -it --rm --env-file=./.env.sample -v /var/run/docker.sock:/var/run/docker.sock aws-certbot-builder

What does it do?

Running aws-certbot locally will:

1. Check ACM to see if any domains in DOMAIN_LIST are expiring soon.
2. If domains are missing or expiring, certbot runs and generates a new SSL certificate
3. Any newly generated certificates are uploaded to ACM

Environment Variables

Variable	Description	Required?
CERTBOT_VERSION	Certbot version to build	✅
APP_NAME	Name used for docker images/AWS resources	✅
AWS_ACCESS_KEY_ID	AWS access key	✅
AWS_SECRET_ACCESS_KEY	AWS secret access key	✅
AWS_DEFAULT_REGION	AWS region to use	✅
DOMAIN_LIST	A list of domains grouped by commas and semicolons semicolon seperates groups of domains while commas seperate individual domains; e.g., domain.com,*.domain.com;example.io,staging.example.io	✅
DOMAIN_EMAIL	Cloudflare API key with edit.zone permissions	✅
CERTS_RENEW_DAYS_BEFORE_EXPIRATION	Number of days before expiration to request renewal	✅

Deploying to AWS

1. Edit .env.sample and fill the required fields

2. Build the docker image

   docker build -t aws-certbot-builder .

3. Deploy aws-certbot to AWS

   docker run -it --rm --env-file=./.env.sample -v /var/run/docker.sock:/var/run/docker.sock aws-certbot-builder ./deploy.sh

What does it do?

1. The aws-certbot docker image is built and uploaded to ECR.
2. The cloud formation defined in cloud.yaml is deployed to run the docker image as a lambda function.
3. A timer is defined in cloud.yaml to execute the lambda function once a day.

Known Issues

• Only cloudflare managed domains can be used currentlyl
• Cloudflare API key is visible in lambda env. variables.
• Limit of 1000 domains in ACM.

Credits

AWS-Certbot is based largely on the following amazing projects:

• https://arkadiyt.com/2018/01/26/deploying-effs-certbot-in-aws-lambda/
• https://github.com/kingsoftgames/certbot-lambda

[j3ko]

https://stackoverflow.com/a/75376559/314211