* Add instructions for using Route53 for DNS
Add instructions for using Route53 for DNS
* Update letsencrypt.md
Updates to use AWS_SHARED_CREDENTIALS_FILE.
@ -75,3 +75,91 @@ This example shows that PiKVM may not be accessible from the internet, but you c
```
4. Next follow the basic guide.
## Route53 DNS
This example shows that PiKVM may not be accessible from the internet, but you can still get a certificate if you use AWS Route53 DNS. Make sure you are running an image newer than 2022.06.20 and kvmd version 3.119-1 or greater.
1. Switch filesystem to RW and install the Route53 DNS plugin:
```
# rw
# pacman -S certbot-dns-route53
```
2. Configure Your AWS User
For the certbot_dns_route53 plugin to work it needs to be able to connect to AWS using an access key with the correct permissions.
To do this securely you’ll want to create a new AWS user that only has the necessary permissions it needs to work.
You can find instructions for creating a user [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console). The basics of it is you’ll want a user with Programmatic access (not console), add it to a group (I created a new one just for this user and any future certbot users I might need).
The user will need specific permissions that are required to allow the certbot plugin to create the necessary CNAME records. These can be added by manually selecting them from a very long list or you can use the json view to give it the following permissions.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:GetChange"
],
"Resource": [
"*"
]
},
{
"Effect" : "Allow",
"Action" : [
"route53:ChangeResourceRecordSets"
],
"Resource" : [
"arn:aws:route53:::hostedzone/YOURHOSTEDZONEID"
]
}
]
}
```
Make sure you replace YOURHOSTEDZONEID with the instance ID of your hosted zone.
Once the user is created don’t forget to download and save your access key and secret access key (somewhere secure, these are as sensitive as your passwords).
3. Setup credentials:
We now need to put the AWS credentials on the PiKVM so the certbot can use them.
Here is an example .route53.auth file. Replace the placeholders with the access key and secret access key that you just saved from AWS and fill them in.