I have an Ubuntu 20.04 server on an AWS EC2 instance running Apache and I'm trying to obtain a certificate using certbot; however, I'm having trouble with credentials. Below is the command I run, followed by the error output:
user@address:~$ sudo certbot certonly --dns-route53 --dns-route53-propagation-seconds 30 -d mydomain.com -d *.mydomain.com -i apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-route53, Installer apache
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for mydomain.com
dns-01 challenge for mydomain.com
Cleaning up challenges
Unable to locate credentials
To use certbot-dns-route53, configure credentials as described at https://boto3.readthedocs.io/en/latest/guide/configuration.html#best-practices-for-configuring-credentials and add the necessary permissions for Route53 access.
I've followed the below guides:
and chosen to set the credentials using environment variables:
$ export AWS_ACCESS_KEY_ID=<id>
$ export AWS_SECRET_ACCESS_KEY=<secret>
When I use $ printenv AWS_ACCESS_KEY_ID and $ printenv AWS_SECRET_ACCESS_KEY, I am shown the credentials on screen, so I don't understand why certbot is unable to locate them.
Any ideas?
By running the certbot command as sudo, the environment variable is not set anymore.
Either connect to sudo su, then export the variables and run, or take a look at using a credentials file to allow the command access to the IAM key and IAM secret.
More information available here.
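The behaviour described in the answer, as an added example that is not part of the original post: an exported variable disappears when the environment is reset, while a credentials file on disk remains reachable. The function names are hypothetical, `env -i` stands in for sudo's environment reset, `HOME` is assumed to point at the home directory of the user certbot runs as, and the key values are constructed.

```shell
# Added example, not from the original post. `env -i` stands in for sudo's
# environment reset so it runs without root; all values are constructed.

# Succeeds if a child with a scrubbed environment still sees the exported key id.
child_sees_env_credentials() {
    env -i /bin/sh -c '[ -n "${AWS_ACCESS_KEY_ID:-}" ]'
}

# Write a boto3-style shared credentials file that only its owner can read.
# $1 = directory (e.g. ~/.aws of the user certbot runs as), $2 = key id, $3 = secret
write_credentials_file() {
    ( umask 077
      mkdir -p "$1"
      printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
          "$2" "$3" > "$1/credentials"
      chmod 600 "$1/credentials" )
}

# Succeeds only if the file holds both keys and grants nothing to group/other.
credentials_file_ok() {
    grep -q '^aws_access_key_id *= *[^ ]' "$1" || return 1
    grep -q '^aws_secret_access_key *= *[^ ]' "$1" || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if a scrubbed-environment child can still read $1/.aws/credentials.
# HOME is an assumption: the home directory of the user the command runs as.
child_sees_file_credentials() {
    env -i HOME="$1" /bin/sh -c '[ -r "$HOME/.aws/credentials" ]'
}

# Demonstration with constructed values in a throwaway directory.
demo_dir=$(mktemp -d)
AWS_ACCESS_KEY_ID=AKIACONSTRUCTEDEXAMPLE
export AWS_ACCESS_KEY_ID
child_sees_env_credentials || echo "env vars: not visible after environment reset"
write_credentials_file "$demo_dir/.aws" "$AWS_ACCESS_KEY_ID" "constructed-secret"
credentials_file_ok "$demo_dir/.aws/credentials" \
    && child_sees_file_credentials "$demo_dir" \
    && echo "credentials file: visible after environment reset"
rm -rf "$demo_dir"
```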