install certbot on Amazon Linux 2023 

Note: certbot is now available starting from version 2023.3.20231211. To install

          sudo dnf install -y certbot python3-certbot-dns-route53
          sudo dnf install -y python3-certbot-apache
          sudo dnf install -y python3-certbot-nginx
          sudo systemctl daemon-reload
          sudo systemctl enable --now certbot-renew.timer

Instructions below applies to earlier versions…

Use the pip instructions at https://certbot.eff.org/instructions?ws=other&os=pip

sudo dnf install -q -y python3 augeas-libs
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot

sudo /opt/certbot/bin/pip install certbot-dns-route53
sudo /opt/certbot/bin/pip install certbot-apache
sudo /opt/certbot/bin/pip install certbot-nginx

sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Works well with R53, Apache and Nginx

Add this for automated renewal

cat << EoF  | sudo tee -a /usr/lib/systemd/system/certbot-renew.timer
[Unit]
Description=This is the timer to set the schedule for automated renewals
[Timer]
OnCalendar=*-*-* 00/12:00:00
RandomizedDelaySec=12hours
Persistent=true
[Install]
WantedBy=timers.target
EoF


sudo touch /etc/sysconfig/certbot
cat << EoF  | sudo tee -a /usr/lib/systemd/system/certbot-renew.service
[Unit]
Description=This service automatically renews any certbot certificates found
[Service]
EnvironmentFile=/etc/sysconfig/certbot
Type=oneshot
ExecStart=/usr/bin/certbot renew --noninteractive --no-random-sleep-on-renew $PRE_HOOK $POST_HOOK $RENEW_HOOK $DEPLOY_HOOK $CERTBOT_ARGS
EoF

Enable certbot-renew daemon

sudo systemctl daemon-reload
sudo systemctl enable --now certbot-renew.timer

Certbot update script. I was able to update to 2.7.0 recently

cat << EoF > /home/ec2-user/update-certbot
#!/bin/bash
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install --upgrade certbot
sudo /opt/certbot/bin/pip install --upgrade certbot-dns-route53
sudo /opt/certbot/bin/pip install --upgrade  certbot-apache
sudo /opt/certbot/bin/pip install --upgrade  certbot-nginx
0 0 投票数
Article Rating
订阅评论
提醒
guest
1 评论
最旧
最新 最多投票
内联反馈
查看所有评论
1
0
希望看到您的想法,请您发表评论x