Automate Certbot generated SSL Certificate Renewal with, AWS Systems Manager, AWS EC2 and Terraform
<h1>Overview</h1>
<p>The following solution can be implemented on AWS to schedule a renewal for SSL Certificates generated with <a href="https://certbot.eff.org/" rel="noopener ugc nofollow" target="_blank">Certbot</a> and the Certbot <a href="https://certbot-dns-route53.readthedocs.io/en/stable/" rel="noopener ugc nofollow" target="_blank">certbot-dns-route53</a> plugin.</p>
<h2>What is Certbot?</h2>
<p>As per the official Certbot website,</p>
<blockquote>
<p>Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.</p>
<p>Certbot is made by the Electronic Frontier Foundation (EFF), a 501(c)3 nonprofit based in San Francisco, CA, that defends digital privacy, free speech, and innovation.</p>
</blockquote>
<h2>The solution works as follows.</h2>
<ol>
<li>An AWS Systems Manager Maintenance Window with a cron schedule that runs the associated Maintenance Window Tasks every 3 months.</li>
<li>The Maintenance Window Tasks run in the order of their priority (1, 2 and 3); the task with the lowest priority number runs first.</li>
<li>The <strong>StartEC2Instance</strong> task starts the Certbot EC2 instance if it is not already in a running state.</li>
<li>The <strong>RunRenewSSLCertificateTask</strong> task runs the bash commands on the Certbot EC2 instance to renew the SSL certificate. Certbot uses the Route53 domain to validate that the domain exists. The SSL certificate value is saved to an existing AWS Secrets Manager secret.</li>
<li>The <strong>StopEC2Instance</strong> task stops the Certbot EC2 instance once the certificate renewal process has completed.</li>
</ol>
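<p>The following Terraform configuration is an added example of the three-task maintenance window described above; it is not the original article's code. The instance ID, the two IAM role ARNs, the secret ID and the domain are assumed input variables, and the cron expression, the <code>--force-renewal</code> flag and the way the certificate is bundled before it is stored are choices made here rather than details taken from the article.</p>

```hcl
# Assumed inputs (not from the article): the Certbot instance, the IAM roles
# that Systems Manager assumes, the existing secret and the certificate domain.
variable "certbot_instance_id"         { type = string }
variable "maintenance_window_role_arn" { type = string } # role SSM assumes to run tasks
variable "automation_role_arn"         { type = string } # role for the Start/Stop automations
variable "certificate_secret_id"       { type = string } # existing Secrets Manager secret
variable "domain"                      { type = string } # e.g. "www.example.com" (constructed)

# Step 1: a maintenance window whose schedule fires at 02:00 UTC on the first
# day of every third month (SSM cron: minutes hours day-of-month month day-of-week year).
resource "aws_ssm_maintenance_window" "certbot" {
  name     = "certbot-ssl-renewal"
  schedule = "cron(0 2 1 1/3 ? *)"
  duration = 2 # hours the window stays open
  cutoff   = 1 # hours before the end after which no new task starts
}

# The window targets only the single Certbot instance.
resource "aws_ssm_maintenance_window_target" "certbot" {
  window_id     = aws_ssm_maintenance_window.certbot.id
  resource_type = "INSTANCE"
  targets {
    key    = "InstanceIds"
    values = [var.certbot_instance_id]
  }
}

# Step 3: priority 1 runs first and starts the instance (a no-op if it is running).
resource "aws_ssm_maintenance_window_task" "start" {
  window_id        = aws_ssm_maintenance_window.certbot.id
  name             = "StartEC2Instance"
  task_type        = "AUTOMATION"
  task_arn         = "AWS-StartEC2Instance"
  priority         = 1
  service_role_arn = var.maintenance_window_role_arn
  max_concurrency  = "1"
  max_errors       = "1"
  targets {
    key    = "WindowTargetIds"
    values = [aws_ssm_maintenance_window_target.certbot.id]
  }
  task_invocation_parameters {
    automation_parameters {
      document_version = "$LATEST"
      parameter {
        name   = "InstanceId"
        values = [var.certbot_instance_id]
      }
      parameter {
        name   = "AutomationAssumeRole"
        values = [var.automation_role_arn]
      }
    }
  }
}

# Step 4: priority 2 renews the certificate on the instance and stores it.
# `certbot renew` reuses the dns-route53 authenticator saved in the renewal
# config; --force-renewal is used because a 3-monthly schedule can fall outside
# certbot's default "renew only when due" window for a 90-day certificate.
resource "aws_ssm_maintenance_window_task" "renew" {
  window_id        = aws_ssm_maintenance_window.certbot.id
  name             = "RunRenewSSLCertificateTask"
  task_type        = "RUN_COMMAND"
  task_arn         = "AWS-RunShellScript"
  priority         = 2
  service_role_arn = var.maintenance_window_role_arn
  max_concurrency  = "1"
  max_errors       = "1"
  targets {
    key    = "WindowTargetIds"
    values = [aws_ssm_maintenance_window_target.certbot.id]
  }
  task_invocation_parameters {
    run_command_parameters {
      timeout_seconds = 600
      parameter {
        name = "commands"
        values = [
          "set -euo pipefail",
          "certbot renew --non-interactive --force-renewal",
          "umask 077",
          "cat /etc/letsencrypt/live/${var.domain}/fullchain.pem /etc/letsencrypt/live/${var.domain}/privkey.pem > /tmp/bundle.pem",
          "aws secretsmanager put-secret-value --secret-id ${var.certificate_secret_id} --secret-string file:///tmp/bundle.pem",
          "rm -f /tmp/bundle.pem",
        ]
      }
    }
  }
}

# Step 5: priority 3 stops the instance again once the renewal has finished.
resource "aws_ssm_maintenance_window_task" "stop" {
  window_id        = aws_ssm_maintenance_window.certbot.id
  name             = "StopEC2Instance"
  task_type        = "AUTOMATION"
  task_arn         = "AWS-StopEC2Instance"
  priority         = 3
  service_role_arn = var.maintenance_window_role_arn
  max_concurrency  = "1"
  max_errors       = "1"
  targets {
    key    = "WindowTargetIds"
    values = [aws_ssm_maintenance_window_target.certbot.id]
  }
  task_invocation_parameters {
    automation_parameters {
      document_version = "$LATEST"
      parameter {
        name   = "InstanceId"
        values = [var.certbot_instance_id]
      }
      parameter {
        name   = "AutomationAssumeRole"
        values = [var.automation_role_arn]
      }
    }
  }
}
```

<p>Two points a practitioner should check before relying on this. First, the instance profile on the Certbot instance needs only the Route 53 permissions the certbot-dns-route53 plugin requires for the hosted zone in question and <code>secretsmanager:PutSecretValue</code> on the one secret; nothing else on the instance should be able to read the private key, which is why the bundle is written with <code>umask 077</code> and removed afterwards. Second, the <code>RUN_COMMAND</code> task is only delivered once the SSM agent on the freshly started instance is online, so a failed renewal run should be visible in the maintenance window's execution history and alerted on rather than assumed to have succeeded.</p>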
<p><a href="https://medium.com/@mr.mornesnyman/automate-certbot-generated-ssl-certificate-renewal-with-aws-systems-manager-aws-ec2-and-4cee0bcdf213"><strong>Read More</strong></a></p>