Use AWS Lambda to manage SSL certificates for Lets-Encrypt.
This project utilizes AWS Lambda to periodically (once per day) check a set of certificates for expiration, and then if they're about to expire or invalid/missing, it will request a new certificate from the Lets-Encrypt infrastructure.
Certificates are stored in S3, which can easily be configured to send an SNS notification based upon a PUT event into the configured bucket.
Please see the roadmap for a sorted list of upcoming features by priority.
This project requires a little configuration to be used in AWS.
Modify the configuration file with the values needed for your environment:
| Variable | Description |
|---|---|
acme-directory-url |
Change to production url - https://acme-v01.api.letsencrypt.org if ready for real certificate. |
acme-domains |
Array of domains to receive certificates for. |
acme-account-email |
Email of user requesting certificate. |
s3-account-bucket |
An S3 bucket to place account keys/config data into. You will need to create this bucket and assign the IAM role to read/write. |
s3-cert-bucket |
An S3 bucket to place domain certificate data into. You will need to create this bucket and assign the IAM role to read/write. |
s3-folder |
A folder within the above buckets to place the files under, in case there are other contents of these buckets. |
Follow these steps to get started:
-
Git-clone this repository.
$ git clone [email protected]:ocelotconsulting/node-letsencrypt-lambda.git -
Modify configuration (as above).
-
Create S3 buckets, IAM role, then test locally:
$ npm run local-cert -
Package lambda zip:
$ npm run dist -
Create lambda by uploading zip, and establish your desired trigger (i.e. periodic).
Optional: You can write your certificates to a PEM file by executing:
$ npm run pems