Three months ago I created Let's Encrypt certificate using Lego. Today was the time to renew it.

Lego is now even better than before. At the time of certificate creation, renew option was not working, but now is fully supported. This time I didn't build Lego from source, I just downloaded binary and replaced old one. Renewal is easy as creation:

$ ./lego --email="[my e-mail]" --domains="" --domains="" --dns="route53" renew

Again, Lego did two ACME challenges, for both domains and I got certificates for both domains in .logo/certificatesand used aws cli to install certificate on CloudFront CDN (this require AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID and AWS_REGION environment variables set):

$ aws iam upload-server-certificate --server-certificate-name --certificate-body file:// --private-key file:// --path /cloudfront/prod/

After changing certificate for CloudFront distribution on AWS console and confirming that certificate work, I removed old one:

$ aws iam delete-server-certificate --server-certificate-name

I'm definitively sticking with Lego for any work with Let's Encrypt certificates.

Share on: