
I am using Certbot and have several domains that I need to switch from HTTP authorization to AWS Route 53.

Both configurations are working fine, but now I need to switch all the certificates to use Route 53. Is there a certbot command that does that?

In the config file I see this:

[renewalparams]
authenticator = apache
installer = apache
account = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
manual_public_ip_logging_ok = None
server = https://acme-v02.api.letsencrypt.org/directory

2 Answers


  1. There is no command that "switches" your method of validation. If you want to ensure that future certificates can be authenticated, you can delete your existing certificates and then run certbot with your R53 configuration.

    The other option would be to use the --force-renewal option if you don’t want to delete your existing certificates.

    It is important to know that switching from HTTP validation to Route 53 (or any DNS based validation, really) only provides you the ability to create wildcard certificates on your domain. Once validations occur, the certificate isn’t any different (again, with the caveat of issuing wildcard certificates).

  2. I found this thread in the Let's Encrypt community forum, where it is mentioned that the global /etc/letsencrypt/cli.ini takes precedence over the renewal config of the single domains. If all your domains should be authenticated via Route 53, you can add your config there.

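Whichever route from the answers is taken, it helps to confirm which certificates still carry the old authenticator in their `[renewalparams]` section. The script below is an added example, not part of the thread or of Certbot itself; it assumes the per-certificate renewal files sit in one directory (normally `/etc/letsencrypt/renewal`) and that the Route 53 plugin is recorded as `dns-route53`. The function names and the sample files are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path


def read_authenticator(conf_path):
    """Return the authenticator named in [renewalparams], or None if absent."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # Renewal files begin with section-less keys (cert, privkey, ...), which
    # configparser rejects, so park them under a throwaway section.
    parser.read_string("[_top]\n" + Path(conf_path).read_text())
    return parser.get("renewalparams", "authenticator", fallback=None)


def lineages_to_switch(renewal_dir, wanted="dns-route53"):
    """Map certificate name -> current authenticator for every renewal
    file that does not already use the wanted authenticator."""
    pending = {}
    for conf in sorted(Path(renewal_dir).glob("*.conf")):
        current = read_authenticator(conf)
        if current != wanted:
            pending[conf.stem] = current
    return pending


# Constructed sample renewal files (shape follows the config in the question).
SAMPLE_APACHE = """cert = /etc/letsencrypt/live/example.com/cert.pem

[renewalparams]
authenticator = apache
installer = apache
server = https://acme-v02.api.letsencrypt.org/directory
"""
SAMPLE_ROUTE53 = SAMPLE_APACHE.replace(
    "authenticator = apache", "authenticator = dns-route53"
).replace("example.com", "example.org")


def demo():
    """Audit a temporary directory holding the two constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "example.com.conf").write_text(SAMPLE_APACHE)
        Path(tmp, "example.org.conf").write_text(SAMPLE_ROUTE53)
        return lineages_to_switch(tmp)


if __name__ == "__main__":
    for name, auth in demo().items():
        print(f"{name}: still using authenticator {auth!r}")
```

Point `lineages_to_switch` at the real renewal directory before and after the change; an empty result means every certificate is set to renew through Route 53.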