====== Let's Encrypt Usage Notes ======

We're currently using Let's Encrypt to generate and manage TLS certificates for quay.net and several other domains.

Currently quay.net is hosted on Amazon's EC2 and uses the AWS Route 53 service for public DNS on the Internet. We can use the certbot dns-route53 plugin with Debian 10 to manage authentication using the following script.

<code bash>
#!/bin/bash

# my domains (one per line)
mapfile -t domains <<-DOMAINS
quay.net
gabriel.to
gabrielobrien.ca
k538.ca
unx.is
badphoto.ca
badphotography.ca
DOMAINS

# AWS credentials, read by the dns-route53 plugin
export AWS_ACCESS_KEY_ID="my key id"
export AWS_SECRET_ACCESS_KEY="my secret"

# generate apex and wildcard names for each domain;
# an array keeps "*.domain" quoted so the shell never glob-expands it
domainlist=()
for domain in "${domains[@]}"; do
    domainlist+=(-d "$domain" -d "*.${domain}")
done

systemctl stop nginx
certbot certonly --dns-route53 "${domainlist[@]}"
systemctl start nginx
</code>
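Because the script above carries a long-lived AWS key pair, the IAM user behind it should be able to do nothing except answer ACME DNS challenges. The policy below is an added example, not part of the original notes: it grants the three Route 53 actions the certbot dns-route53 plugin documents as required and limits record changes to the ''_acme-challenge'' TXT record. The hosted zone ID ''EXAMPLEZONEID'' is a placeholder, and only quay.net is shown; each additional zone and domain needs its own ARN and record name.

```json
{
  "Version": "2012-10-17",
  "Id": "added example: least-privilege policy for certbot dns-route53",
  "Statement": [
    {
      "Sid": "LocateZoneAndPollChange",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:GetChange"
      ],
      "Resource": "*"
    },
    {
      "Sid": "WriteAcmeChallengeTxtOnly",
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/EXAMPLEZONEID",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
            "_acme-challenge.quay.net"
          ],
          "route53:ChangeResourceRecordSetsRecordTypes": [
            "TXT"
          ]
        }
      }
    }
  ]
}
```

The apex and wildcard names for a domain are both validated through the same ''_acme-challenge.<domain>'' record, so one record name per domain covers the ''-d domain -d *.domain'' pairs the script requests.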