Certbot AWS Renewals

Here are the instructions for renewing Certbot SSL certificates in AWS Certificate Manager. Certbot provides SSL certificates for free for 60 days and are auto-renewed before they expire. If you are using Certbot SSL certificates with CloudFront, you will need to reimport them to AWS Certificate Manager before expiration.

  1. Get the latest SSL certificate by running “certbot certificates.”
  2. Reimport the certificate in 3 parts.
    • Certificate Body – the root or top portion of the full chain
    • Certificate Private key – the private key
    • Certificate chain – the entire full chain containing multiple certificates
  3. Click Save. Check expiration.

You’ll need to update the certificate before the next expiration date.

AWS Assume Role

If you have multiple AWS accounts, you can gain additional permission by authorizing it to a different AWS account via IAM. Here’s the assume role documentation from AWS. And here are some documentation if you need to grant someone to switch accounts. If you are going to be using the AWS CLI, you will need to run “aws configure” to setup multiple profiles.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::*:role/your-custom-role"
            ],
            "Effect": "Allow"
        }
    ]
}

AWS CLI Lightsail

Get instance details

aws lightsail get-instance --instance-name your-server

Get instance state

aws lightsail get-instance-state --instance-name your-server

Create a snapshot

aws lightsail create-instance-snapshot \
--instance-snapshot-name your-server-new-snapshot-201905192200 \
--instance-name your-server

Create disk from snapshot

aws lightsail create-disk-from-snapshot \
--disk-name your-server-new-boot-disk \
--disk-name your-server-new-snapshot-201905192200 \
--availability-zone us-east-1a
--size-in-gb 50

Attach Disk

aws lightsail attach-disk \
--disk-name your-server-new-boot-disk \
--instance-name your-server \
--disk-path /dev/sda1

Create instance from snapshot

aws lightsail create-instance-snapshot \
--instance-snaphot-name your-server-new-snapshot-201905192200
--instance-name your-server

Attach Static IP Address

aws lightsail attach-static-ip \
--static-ip-name your-ip-name \
--instance-name your-server