adds support for Route53

engineyard · Sep 16, 2021 · d67a692 · d67a692
1 parent 4878e4d
commit d67a692
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/cookbooks/letsencrypt/README.md b/cookbooks/letsencrypt/README.md
@@ -11,6 +11,7 @@ This installs and sets up the optional LetsEncrypt recipe on the engineyard stac
 
 * Have a [certificate](https://support.cloud.engineyard.com/hc/en-us/articles/205407488-Obtain-and-Install-SSL-Certificates-for-Applications#topic8) applied to the [environment](https://support.cloud.engineyard.com/hc/en-us/articles/205407488-Obtain-and-Install-SSL-Certificates-for-Applications#topic12) 
 
+* Have the application deployed successfully
 
 **Environment Variables**
 
@@ -43,6 +44,8 @@ To automatically create a wildcard certificate
 
 * `www` is not included so you may wish to use `www.example.com` and `example.com` if you're using a SAN certificate
 
+* Route53 provider (AWS). Requires the custom variable `AWS_CONFIG_FILE` to be set as `/opt/.letsencrypt-secrets`
+
 
 **Supported DNS Providers**
 
@@ -72,4 +75,4 @@ To automatically create a wildcard certificate
 
 * route53 - https://certbot-dns-route53.readthedocs.io/en/stable/
 
-* sakuracloud - https://certbot-dns-sakuracloud.readthedocs.io/en/stable/
+* sakuracloud - https://certbot-dns-sakuracloud.readthedocs.io/en/stable/
diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb
@@ -40,8 +40,15 @@
       )
     end
 
+    case type
+    when /route53/
+      dns_type = ""
+    else
+      dns_type = "--dns-#{type}-credentials /opt/.letsencrypt-secrets"
+    end
+
     execute "Issue certiciate initially" do
-      command "certbot certonly --dns-#{type} --dns-#{type}-credentials /opt/.letsencrypt-secrets -d #{domain} --non-interactive --agree-tos --register-unsafely-without-email --dry-run"
+      command ". /data/#{app}/shared/config/env.cloud && certbot certonly --dns-#{type} #{dns_type} -d #{domain} --non-interactive --agree-tos --register-unsafely-without-email --dry-run"
       not_if { File.exist?("/etc/letsencrypt/live/#{md}/privkey.pem") }
     end
 

diff --git a/cookbooks/letsencrypt/templates/copycerts.sh.erb b/cookbooks/letsencrypt/templates/copycerts.sh.erb
@@ -4,6 +4,7 @@ appname='<%= @app_name %>'
 md='<%= @md %>'
 ssh_options='ssh -i /root/.ssh/internal -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=10'
 
+source /data/${appname}/shared/config/env.coud
 
 if [[ $(find "/etc/letsencrypt/live/${md}/fullchain.pem" -mtime +30 -print)  ]]; then