Add instructions for using Route53 for DNS (#766)

* Add instructions for using Route53 for DNS

Add instructions for using Route53 for DNS

* Update letsencrypt.md

Updates to use AWS_SHARED_CREDENTIALS_FILE.

docs/letsencrypt.md

@@ -75,3 +75,91 @@ This example shows that PiKVM may not be accessible from the internet, but you c
    ```
 
 4. Next follow the basic guide.
+
+
+## Route53 DNS
+
+This example shows that PiKVM may not be accessible from the internet, but you can still get a certificate if you use AWS Route53 DNS. Make sure you are running an image newer than 2022.06.20 and kvmd version 3.119-1 or greater. 
+
+1. Switch filesystem to RW and install the Route53 DNS plugin:
+   ```
+   # rw
+   # pacman -S certbot-dns-route53
+   ```
+
+2. Configure Your AWS User
+    For the certbot_dns_route53 plugin to work it needs to be able to connect to AWS using an access key with the correct permissions.
+
+    To do this securely you’ll want to create a new AWS user that only has the necessary permissions it needs to work.
+
+    You can find instructions for creating a user [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console). The basics of it is you’ll want a user with Programmatic access (not console), add it to a group (I created a new one just for this user and any future certbot users I might need).
+
+    The user will need specific permissions that are required to allow the certbot plugin to create the necessary CNAME records. These can be added by manually selecting them from a very long list or you can use the json view to give it the following permissions.
+
+    ```
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "route53:ListHostedZones",
+                    "route53:GetChange"
+                ],
+                "Resource": [
+                    "*"
+                ]
+            },
+            {
+                "Effect" : "Allow",
+                "Action" : [
+                    "route53:ChangeResourceRecordSets"
+                ],
+                "Resource" : [
+                    "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID"
+                ]
+            }
+        ]
+    }
+    ```
+    Make sure you replace YOURHOSTEDZONEID with the instance ID of your hosted zone.
+
+    Once the user is created don’t forget to download and save your access key and secret access key (somewhere secure, these are as sensitive as your passwords).
+
+3. Setup credentials:
+
+    We now need to put the AWS credentials on the PiKVM so the certbot can use them. 
+    ```
+    kvmd-pstrun -- mkdir /var/lib/kvmd/pst/data/certbot/
+    kvmd-pstrun -- mkdir /var/lib/kvmd/pst/data/certbot/runroot
+    ```
+
+    Copy and paste your AWS credentials into the nano editor and save the file. 
+    ```
+    kvmd-pstrun -- nano /var/lib/kvmd/pst/data/certbot/runroot/.route53.auth
+    ```
+    Here is an example .route53.auth file. Replace the placeholders with the access key and secret access key that you just saved from AWS and fill them in.
+    
+    ```
+    [default]
+    aws_access_key_id=XXXXXX
+    aws_secret_access_key=XXXX/XXXXX
+    ```
+    
+    Update permissions:
+    ```
+    kvmd-pstrun -- chmod 600 /var/lib/kvmd/pst/data/certbot/runroot/.route53.auth
+    ```
+    
+4. Obtain the certificate:
+   ```
+   export AWS_SHARED_CREDENTIALS_FILE="/var/lib/kvmd/pst/data/certbot/runroot/.route53.auth"
+   kvmd-certbot certonly \
+       --dns-route53 \
+       --agree-tos \
+       -n \
+       --email user@example.com \
+       -d pikvm.example.com
+   ```
+
+4. Next follow the basic guide.