Has anyone successfully automated the SSL certificate renewal process using DigiCert and AWS for EC2 servers? I'm looking for advice on streamlining the entire process, which includes generating a CSR, creating private keys, obtaining a PEM/CER file, and ensuring automatic renewal.
4 Answers
Why not use a Lambda function? You can trigger it with EventBridge to automate tasks related to your SSL certificates.
I agree with TechieGuru89—the process with DigiCert is typically independent of AWS. That said, I built a Lambda that pulls new or renewed public certificates from ACM every day, converts them to PFX format, and saves them in an S3 bucket. The PFX file names include the primary domain and issue date, and I store the password in Secrets Manager. My Windows servers then check the S3 bucket daily for new certs to import and bind with IIS.
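An added example of the daily ACM-to-PFX-to-S3 flow described in that answer, written in Python with boto3; it is not the poster's Lambda. The `cryptography` package, the `PFX_BUCKET`/`PFX_SECRET_ID` environment variable names and the `<domain>-<YYYYMMDD>.pfx` key layout are assumptions.

```python
"""Daily Lambda mirroring the flow above: export ACM certs issued or renewed in the
last day, re-pack them as PFX, and store them in S3 as <domain>-<YYYYMMDD>.pfx."""
from datetime import datetime, timedelta, timezone

def pfx_object_key(primary_domain, issued_at):
    """S3 key carrying the primary domain and the certificate's issue date."""
    return f"{primary_domain}-{issued_at.strftime('%Y%m%d')}.pfx"

def pem_to_pfx(cert_pem, chain_pem, key_pem, passphrase):
    """Re-pack the PEM material returned by ACM ExportCertificate as a PKCS#12 (PFX) blob.
    ACM encrypts the exported private key with the passphrase; reusing it for the PFX means
    the Windows importer needs exactly one secret (the one kept in Secrets Manager)."""
    from cryptography import x509
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.serialization import pkcs12
    key = serialization.load_pem_private_key(key_pem.encode(), passphrase)
    leaf = x509.load_pem_x509_certificate(cert_pem.encode())
    chain = x509.load_pem_x509_certificates(chain_pem.encode()) if chain_pem else []
    return pkcs12.serialize_key_and_certificates(
        b"acm-export", key, leaf, chain, serialization.BestAvailableEncryption(passphrase))

def sync_renewed_certificates(acm, secrets, s3, bucket, secret_id, now, to_pfx=pem_to_pfx):
    """Export every ISSUED certificate whose NotBefore falls in the last 24 hours (new or
    renewed) and store it as PFX. Clients are injected so the logic runs without AWS;
    returns the S3 keys written. Pagination of list_certificates is omitted for brevity."""
    passphrase = secrets.get_secret_value(SecretId=secret_id)["SecretString"].encode()
    cutoff = now - timedelta(days=1)
    written = []
    for summary in acm.list_certificates(CertificateStatuses=["ISSUED"])["CertificateSummaryList"]:
        arn = summary["CertificateArn"]
        detail = acm.describe_certificate(CertificateArn=arn)["Certificate"]
        issued = detail.get("NotBefore")
        if issued is None or issued < cutoff:
            continue  # unchanged since the previous daily run
        exported = acm.export_certificate(CertificateArn=arn, Passphrase=passphrase)
        pfx = to_pfx(exported["Certificate"], exported.get("CertificateChain", ""),
                     exported["PrivateKey"], passphrase)
        key = pfx_object_key(detail["DomainName"], issued)
        # Encrypted at rest in S3; the PFX itself is additionally passphrase-protected.
        s3.put_object(Bucket=bucket, Key=key, Body=pfx, ServerSideEncryption="AES256")
        written.append(key)
    return written

def lambda_handler(event, context):
    """Entry point for the daily EventBridge schedule; PFX_BUCKET and PFX_SECRET_ID are
    assumed environment variable names, not AWS-defined ones."""
    import os
    import boto3  # present in the Lambda runtime; cryptography needs a layer
    return sync_renewed_certificates(
        boto3.client("acm"), boto3.client("secretsmanager"), boto3.client("s3"),
        os.environ["PFX_BUCKET"], os.environ["PFX_SECRET_ID"], datetime.now(timezone.utc))
```

The Windows side then only needs read access to the bucket and the one Secrets Manager value to import and bind each new PFX.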
If you're dealing with EC2 and third-party certificates, AWS isn't really involved in that part. A solid option is to use Certbot for managing your certificates directly on the server.
Just a heads up, AWS Certificate Manager (ACM) now lets you export SSL certificates, including private keys. This could work well for your EC2 instances! Check out their blog for more details on how it all fits together.

That's impressive! Do you think an ACME client would still be applicable here?