Skip to content

Certbot (Let's Encrypt/ACME) build for Serverless operations.

License

Notifications You must be signed in to change notification settings

aries1980/serverless-certbot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build Status

The Problem

Run Certbot on the first of every month and upload the certificates to a cloud storage.

SSL/TLS certificates is a must for any external communication. Not just because the served traffic is a secret, but also to hide the endpoint that is serving. Also it is a must for SEO, HTTP/2, but it is a good practice in general.

Company-provided TLS certificates are expensive, thank God we have the free Let's Encrypt and Certbot! Because the letsencrypted TLS certificates have to be renewed in every 90 days the least. So let's say, this task should run monthly. Because it is written in Python, it would make sense to run it as a serverless application. Unfortunately Certbot saves the certificates on a local storage, so an extra code needs to bundled to handle the serverless requests and

The Solution

  • Have a code that glues the serverless event and Certbot. Luckly there is a code snippet for AWS Lambda what I borrowed. Cheers, mate!

The process is inspired by Deploying EFF's Certbot in AWS Lambda.

  • Create a build pipeline
    • Installs a given version of Certbot into a Python virtual environment.
    • Adds the snippet
    • Zips it up
    • Provide a release artifact on Github.

Usage

  • Copy the certbot-lambda-[certbot_version].zip into AWS S3. (More cloud provider support is planned. Feel free to create a PR!)
  • Terraform the serverless application.