amazon-web-servicesapacheubuntulets-encryptcertbot

Certbot unable to locate environment variable credentials


I have an Ubuntu 20.04 server on an AWS EC2 instance running Apache and I'm trying to obtain a certificate using certbot, however I'm having trouble with credentials. Below is the command I run, followed by the error output:

user@address:~$ sudo certbot certonly --dns-route53 --dns-route53-propagation-seconds 30 -d mydomain.com -d *.mydomain.com -i apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-route53, Installer apache
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for mydomain.com
dns-01 challenge for mydomain.com
Cleaning up challenges
Unable to locate credentials
To use certbot-dns-route53, configure credentials as described at https://boto3.readthedocs.io/en/latest/guide/configuration.html#best-practices-for-configuring-credentials and add the necessary permissions for Route53 access.

I've followed the below guides:

  1. https://certbot.eff.org/lets-encrypt/ubuntufocal-apache.html (wildcard tab, up to step 6)
  2. https://certbot-dns-route53.readthedocs.io/en/stable/ (created an IAM policy and applied it to a new user)

and chosen to set the credentials using environment variables:

$ export AWS_ACCESS_KEY_ID=<id>
$ export AWS_SECRET_ACCESS_KEY=<secret>

When I use $ printenv AWS_ACCESS_KEY_ID and $ printenv AWS_SECRET_ACCESS_KEY I am shown the credentials on screen, so I don't understand why certbot is unable to locate them.

Any ideas?


Solution

  • By running the certbot command as sudo the environment variable is not set anymore.

    Either connect to sudo su then export the variables and run or take a look at using a credentials file to allow the command access to the IAM key and IAM secret.

    More information available here.