This recipe uses Let's Encrypt to generate public certificates for an Amazon Route 53 owned domain.
This is useful when you have an application that needs the .pem/.key files for a certificate for a public domain stored in AWS Secrets Manager.
This recipe includes a single CloudFormation template that generates a certificate and uploads the files to a secret. It uses an instance in a subnet to perform the certificate creation.
It uses the acme.sh script to generate the certs.
The certificate is renewed every 60 days, and the corresponding Certificate and PrivateKey .pem files are updated as part of the renewal process.
You can launch this template by following this quick-create link:
- Create Public Certificates
If you don't wish to use the quick-create link, you can also download the assets/main.yaml file and upload it to the AWS CloudFormation console.
NOTE: The certificate lifetime is 60 days.
The Certificate secret and the PrivateKey secret represented by the CertificateArn and PrivateKeySecretArn will be updated at renewal. UpdateSecret events on the Secrets can be used to get notified of certificate renewal.
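One way to wire up that notification, as an added CloudFormation fragment that is not part of this recipe's assets/main.yaml: an EventBridge rule that matches UpdateSecret calls on the two secrets and publishes to an SNS topic. The logical IDs (RenewalTopic, RenewalTopicPolicy, RenewalRule) are hypothetical, and the fragment assumes the renewal calls UpdateSecret with the full secret ARN.

```yaml
# Added example, not from the recipe's own template.
Parameters:
  CertificateArn:            # ARN of the Certificate secret (named on this page)
    Type: String
  PrivateKeySecretArn:       # ARN of the PrivateKey secret (named on this page)
    Type: String

Resources:
  RenewalTopic:              # hypothetical name; subscribe e-mail, Lambda, etc. here
    Type: AWS::SNS::Topic

  RenewalTopicPolicy:        # lets EventBridge publish to this one topic only
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref RenewalTopic
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sns:Publish
            Resource: !Ref RenewalTopic

  RenewalRule:
    Type: AWS::Events::Rule
    Properties:
      Description: Notify when the certificate secrets are updated at renewal
      EventPattern:
        source:
          - aws.secretsmanager
        detail-type:
          - AWS API Call via CloudTrail   # needs a CloudTrail trail with logging enabled
        detail:
          eventSource:
            - secretsmanager.amazonaws.com
          eventName:
            - UpdateSecret
          requestParameters:
            # CloudTrail records the identifier the caller passed (name or ARN).
            # Assumption: the renewal passes the ARN; list the secret names
            # here instead if it passes names.
            secretId:
              - !Ref CertificateArn
              - !Ref PrivateKeySecretArn
      Targets:
        - Arn: !Ref RenewalTopic
          Id: renewal-topic
```

Because the rule matches on both secrets, a subscriber receives one message per secret at each renewal and should wait for both before reloading the certificate and key together.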
- Instance - No Charge after stack creation
- Secrets - You pay a small amount per month for each of the secrets as well as each API access.
See AWS Secrets Manager pricing for details.
When you are done using this configuration, you can delete it by navigating to the AWS CloudFormation console and deleting the relevant stack.