Looking to use certbot for internal servers. I registered a domain in AWS.
Next, I need to figure out the certbot-dns-route53 plugin install. According to this guy:
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get install certbot python3-certbot-dns-route53
I’m on Ubuntu 22, so it looks like snapd is the recommended way.
sudo snap install --classic certbot
And then the plugin:
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-route53
Create an IAM user and assign it this policy.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:GetChange",
                "route53:ListHostedZones",
                "route53:ChangeResourceRecordSets"
            ],
            "Resource": "*"
        }
    ]
}
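A tighter variant of the policy above, added here as an example and not part of the original post: it limits ChangeResourceRecordSets to a single hosted zone and to the `_acme-challenge` TXT record that the DNS-01 challenge for `*.yoursite.com` writes, so a leaked access key cannot rewrite other records. `YOURHOSTEDZONEID` is a placeholder for your zone's ID, and the `Sid` names are made up for readability.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FindZone",
            "Effect": "Allow",
            "Action": "route53:ListHostedZones",
            "Resource": "*"
        },
        {
            "Sid": "PollChangeStatus",
            "Effect": "Allow",
            "Action": "route53:GetChange",
            "Resource": "arn:aws:route53:::change/*"
        },
        {
            "Sid": "WriteAcmeChallengeOnly",
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "arn:aws:route53:::hostedzone/YOURHOSTEDZONEID",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
                        "_acme-challenge.yoursite.com"
                    ],
                    "route53:ChangeResourceRecordSetsRecordTypes": [
                        "TXT"
                    ]
                }
            }
        }
    ]
}
```

If you later request certificates for deeper names (for example `*.lab.yoursite.com`), add the matching `_acme-challenge.lab.yoursite.com` entry to the record-name list.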
Then run the command
sudo certbot certonly --dns-route53 -d '*.yoursite.com'
(Use of --dns-route53-propagation-seconds is deprecated.)
Copy the cert and key to Grafana (/etc/grafana/):
https://www.turbogeek.co.uk/grafana-how-to-configure-ssl-https-in-grafana/
sudo chown grafana:grafana grafana.crt
sudo chown grafana:grafana grafana.key
sudo chmod 400 grafana.key grafana.crt
Modify grafana.ini so that it uses https and the certs
[server]
protocol = https
http_port = 3000
domain = yoursite.com
enforce_domain = false
root_url = https://yoursite.com
cert_file = /etc/grafana/grafana.crt
cert_key = /etc/grafana/grafana.key