通过 dns 为 route53 颁发证书时,Certbot 无法找到 AWS 凭证
[英]Certbot unable to find AWS credentials when issuing certificate via dns for route53
问题描述
I need to get an certificate for my domain hosted on AWS Route 53 from LetsEncrypt.
我需要从 LetsEncrypt 为托管在 AWS Route 53 上的域获取证书。 I do not have any port 80 or 443 exposed since the server is used for VPN and does not have a public access.我没有暴露任何端口 80 或 443,因为服务器用于 VPN 并且没有公共访问权限。
So the only way to do this is via DNS validation of route 53.所以唯一的方法是通过 DNS 验证路由 53。
So far I have installed certbot and dns-route53 plugin到目前为止,我已经安装了 certbot 和 dns-route53 插件
sudo snap install --beta --classic certbot
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53
I have created a special user in my AWS account who has access to Route53 and I have added the access key id and secret access key in the ~/.aws/config and also ~/.aws/credentials which looks something like this我在我的 AWS 帐户中创建了一个可以访问 Route53 的特殊用户,并且我在 ~/.aws/config 和 ~/.aws/credentials 中添加了访问密钥 ID 和秘密访问密钥,看起来像这样
[default]
aws_access_key_id=foo
aws_secret_access_key=bar
Basically followed every step given here: https://certbot-dns-route53.readthedocs.io/en/stable/基本上遵循此处给出的每个步骤: https://certbot-dns-route53.readthedocs.io/en/stable/
Now when I run the following command:现在,当我运行以下命令时:
sudo certbot certonly -d mydomain.com --dns-route53
It gives the following output:它给出以下 output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-route53, Installer None
Requesting a certificate for mydomain.com
Performing the following challenges:
dns-01 challenge for mydomain.com
Cleaning up challenges
Unable to locate credentials
To use certbot-dns-route53, configure credentials as described at https://boto3.readthedocs.io/en/latest/guide/configuration.html#best-practices-for-configuring-credentials and add the necessary permissions for Route53 access.
I went to the documentation given in the error message: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#best-practices-for-configuring-credentials我去了错误消息中给出的文档: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#best-practices-for-configuring-credentials
but I do not think there is anything wrong I am doing但我不认为我做错了什么
I even went to the root level by doing sudo su and exported the AWS keys as env vars there and even exported the AWS keys in the home as well but it still throws me the same error.我什至通过执行sudo su进入根级别并将 AWS 密钥导出为 env vars 甚至在家中导出 AWS 密钥,但它仍然抛出同样的错误。
1 个解决方案
解决方案1
4 2022-02-17 15:22:59
so I also ran into this same issue, and it's likely because of you running certbot with sudo , when do you do that, whatever user you've used as ~/ , is ignored, as instead, it's looking in /root/ .所以我也遇到了同样的问题,这可能是因为你用sudo运行 certbot,你什么时候这样做,无论你用作~/的用户,都会被忽略,因为它正在寻找/root/ 。
I fixed it by (centos) is my user where I have the .aws/ directory with config and credential files.我通过 (centos) 修复它是我的用户,我有.aws/目录,其中包含config和credential文件。
sudo -s
ln -s /home/centos/.aws/ ~/.aws
ls -lsa ~/.aws
... /root/.aws -> /home/centos/.aws/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.