Create Server Certificate (LetsEncrypt)
Check your selected region
Make sure you have selected the desired region, e.g. US East (N. Virginia) us-east-1.
Follow the Launch EC2 Instance guide to launch an Amazon Linux 2 instance in a VPC with an attached Internet Gateway.
After logging into the launched EC2 instance via SSH, install certbot to interact with LetsEncrypt:
sudo amazon-linux-extras install -y epel
sudo yum install -y certbot
Then issue the wildcard certificate, for example (the wildcard is quoted so the shell does not expand it as a glob):
sudo certbot -d '*.example.aklivity.io' --manual --preferred-challenges dns --key-type rsa certonly
This will require you to respond to the challenge by adding the custom DNS record certbot prompts for, proving ownership of the wildcard domain. Once certbot completes, the relevant files for the certificate chain and private key have been generated, and certbot reports where they were saved:
Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/example.aklivity.io/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/example.aklivity.io/privkey.pem
Now we need to prepare the secret value by combining these together, private key first, then the full chain. The combined file contains the private key, so keep it on the instance and delete it once the secret has been created:
sudo cat /etc/letsencrypt/live/example.aklivity.io/privkey.pem > wildcard.example.aklivity.io.pem
sudo cat /etc/letsencrypt/live/example.aklivity.io/fullchain.pem >> wildcard.example.aklivity.io.pem
Then we can create the secret, passing the combined file as the secret value, for example:
aws secretsmanager create-secret \
--region us-east-1 \
--name wildcard.example.aklivity.io \
--secret-string file://wildcard.example.aklivity.io.pem
Note the returned secret ARN as it will be needed later.
LetsEncrypt certificates are valid for 90 days, so you will need to renew the certificate and update the secret value accordingly before expiration. The latest secret value is obtained automatically upon restarting the Zilla proxy instance.
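As an added example that is not part of the Zilla docs, the following certbot deploy hook automates the renewal step above: it rebuilds the combined PEM in the same key-then-chain order and stores it as a new version of the secret created earlier. It assumes certbot exports RENEWED_LINEAGE (the live/<domain> directory) to the hook, that the aws CLI is configured on the instance, and that the secret is addressed by the name used on this page (the noted ARN works as well).

```shell
#!/bin/sh
# Added example, not from the Zilla docs: a certbot deploy hook that rebuilds the
# combined PEM after a successful renewal and stores it as a new version of the
# Secrets Manager secret created above. Assumes certbot exports RENEWED_LINEAGE
# (the live/<domain> directory) to the hook and that the aws CLI is configured.
set -eu

SECRET_ID="wildcard.example.aklivity.io"   # the secret name from this page (ARN also works)
REGION="us-east-1"

# Concatenate private key then full chain into $3, the order used on this page.
# Refuses empty or missing inputs and writes the output owner-readable only,
# since it contains the private key.
build_secret_pem() {
    key="$1"; chain="$2"; out="$3"
    [ -s "$key" ] && [ -s "$chain" ] || return 1
    (umask 077; cat "$key" "$chain" > "$out")
}

# Sanity check before upload: exactly one private key block and at least one
# certificate block, otherwise a broken file would replace a good secret.
check_secret_pem() {
    keys=$(grep -c 'BEGIN .*PRIVATE KEY' "$1" || true)
    certs=$(grep -c 'BEGIN CERTIFICATE' "$1" || true)
    [ "$keys" -eq 1 ] && [ "$certs" -ge 1 ]
}

# Store the combined file as a new secret version; Zilla reads the latest
# version on restart, as noted above.
update_secret() {
    aws secretsmanager put-secret-value \
        --region "$REGION" \
        --secret-id "$SECRET_ID" \
        --secret-string "file://$1"
}

# Hook entry point; skipped when RENEWED_LINEAGE is unset (e.g. when sourced).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    out="$(mktemp)"
    trap 'rm -f "$out"' EXIT
    build_secret_pem "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/fullchain.pem" "$out"
    check_secret_pem "$out"
    update_secret "$out"
fi
```

Pass the script with `--deploy-hook` when re-running the certbot command above (or via `certbot renew` if a non-interactive DNS auth hook is configured), then restart the Zilla proxy instance to pick up the new secret version.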