samihamine / LetsEncrypt-SSL-config-for-Elastic-Beanstalk

.ebextensions script for automatically installing letsencrypt SSL with Webroot mode on an Elastic Beanstalk running on Nginx without Elastic Load Balancing

Very nice! Could you explain just a bit more how it works? #1

Open adailey14 opened 6 years ago

adailey14 commented 6 years ago

Hi Sammy - this looks really great and is exactly what I've been looking for since Let's Encrypt stopped supporting the TLS-SNI-01 challenge type.

Would you mind explaining a few things about this script to me very briefly? I would be eternally grateful.

  1. How does moving .pre to .conf work? While these scripts are running during the deployment, is nginx already started? Will this work on the first deployment, or does it depend on nginx already running from a previous working deployment?
  2. I have some other custom nginx config I need for proxying through certain paths - would I include that in both the 000_http_redirect_custom.conf section AND the /etc/nginx/conf.d/https_custom.pre section, or only one of the sections? Which section is actively in use after the app is deployed - I assume both?
  3. What does the yum / epel-release section do? Is it required?
  4. Do we need to do the linking step in the 40_link: section? I am going to be doing this for multiple certificates (about 35) so I figured I would just leave them where certbot creates them, and reference them by that name in the nginx config with a separate virtual server block for each. Any reason that wouldn't work? I assume you're just doing the linking step so you can pass in the ${CERTDOMAIN} environment variable without modifying the nginx config.