vancluever / terraform-provider-acme-old

ACME (Let's Encrypt) Support for Terraform

How to register the letsencrypt certificate to AWS Certificate Manager #17

Closed ozbillwang closed 7 years ago

ozbillwang commented 7 years ago

I'd like to import a self-signed or free certificate into AWS Certificate Manager using Terraform (https://aws.amazon.com/certificate-manager/), and I found this ACME provider.

I have successfully applied the change with the full example (https://github.com/paybyphone/terraform-provider-acme#full-example-with-certificate_request_pem-and-dns-validation).

Now what should I do? How do I provide the information below?

Certificate body
Certificate private key
Certificate chain

Checking the tfstate file, there is a resource acme_certificate.certificate generated with several PEM keys. How do I use them?


                "acme_certificate.certificate": {
                    "type": "acme_certificate",
                    "depends_on": [
                        "acme_registration.reg",
                        "tls_cert_request.req",
                        "tls_private_key.reg_private_key"
                    ],
                    "primary": {
                        "id": "https://acme-v01.api.letsencrypt.org/acme/cert/xxxx",
                        "attributes": {
                            "account_key_pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAtjLxxxxV2dlT0EpeNWbvuydrc6Xf6PL\n-----END RSA PRIVATE KEY-----\n",
                            "account_ref": "https://acme-v01.api.letsencrypt.org/acme/reg/xxx",
                            "certificate_domain": "stag.newsnow.io",
                            "certificate_pem": "-----BEGIN CERTIFICATE-----\nMIIFGDCCBACgAwIBxxxxkaLBVsGY6vA=\n-----END CERTIFICATE REQUEST-----\n",
                            "certificate_url": "https://acme-v01.api.letsencrypt.org/acme/cert/031408ad563ff33291d02f21bdd3e2a3c595",
                            "dns_challenge.#": "1",
                            "dns_challenge.1056487162.config.%": "0",
                            "dns_challenge.1056487162.provider": "route53",
                            "http_challenge_port": "80",
                            "id": "https://acme-v01.api.letsencrypt.org/acme/cert/031408ad563ff33291d02f21bdd3e2a3c595",
                            "issuer_pem": "-----BEGIN CERTIFICATE-----\nMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2xxxV2dlT0EpeNWbvuydrc6Xf6PL\n-----END RSA PRIVATE KEY-----\n",
                            "key_type": "2048",
                            "min_days_remaining": "7",
                            "must_staple": "false",
                            "private_key_pem": "",
                            "registration_url": "https://acme-v01.api.letsencrypt.org/acme/reg/21546469",
                            "server_url": "https://acme-v01.api.letsencrypt.org/directory",
                            "tls_challenge_port": "443"
                        },
                        "meta": {},
                        "tainted": false
                    },
                    "deposed": [],
                    "provider": ""
                },

vancluever commented 7 years ago

Hey @ozbillwang, glad you're finding the plugin useful!

More than likely, the fields you are looking for translate to:

If you need a really good reference, Open Credo has a great article on using the plugin with AWS here: https://opencredo.com/letsencrypt-terraform/

Cheers!
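
One way to wire the three ACM fields from the question to the resources in the state excerpt, as an added example that is not from the thread or the provider's documentation. It assumes Terraform 0.12+ expression syntax, the AWS provider's aws_acm_certificate resource, and a tls_private_key named cert_private_key (a hypothetical name) that generated the CSR.

```hcl
# Added example. Assumes the same configuration already defines:
#   acme_certificate.certificate      (resource name from the state excerpt)
#   tls_private_key.cert_private_key  (ASSUMED name: the key behind
#                                      tls_cert_request.req)

# private_key_pem is "" in the state excerpt because the certificate was
# issued from a CSR (certificate_request_pem), so the private key has to come
# from the tls_private_key resource that produced that CSR.
resource "aws_acm_certificate" "imported" {
  # "Certificate body": the leaf certificate returned by the ACME server
  certificate_body = acme_certificate.certificate.certificate_pem

  # "Certificate private key": the key the CSR was generated from
  private_key = tls_private_key.cert_private_key.private_key_pem

  # "Certificate chain": the issuing (intermediate) CA certificate
  certificate_chain = acme_certificate.certificate.issuer_pem

  # On renewal, import the replacement before the old certificate is removed
  # so anything referencing the ARN is never left without a certificate.
  lifecycle {
    create_before_destroy = true
  }
}

output "acm_certificate_arn" {
  value = aws_acm_certificate.imported.arn
}
```

The private keys these resources manage are written to the tfstate in plaintext, as the account_key_pem attribute in the state excerpt shows, so keep the state in an encrypted, access-controlled backend.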

ozbillwang commented 7 years ago

Thanks, it works.

I will add some code to my repo (https://github.com/BWITS/tf_aws_acme) to directly import (or update when expired) the certificates automatically into AWS Certificate Manager after registering a new free Let's Encrypt certificate.