Let's Encrypt Usage Notes

We're currently using Let's Encrypt to generate and manage TLS certificates for quay.net and several other domains.

Currently quay.net is hosted on Amazon EC2 and uses the AWS Route 53 service for public DNS on the Internet. On Debian 10 we can use the certbot dns-route53 plugin to handle domain validation through Route 53 (a DNS challenge, which wildcard certificates from Let's Encrypt require) using the following script.

#!/bin/bash
 
# my domains
mapfile -t domains <<-DOMAINS
quay.net
gabriel.to
gabrielobrien.ca
k538.ca
unx.is
badphoto.ca
badphotography.ca
DOMAINS
 
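# AWS credentials for the Route 53 API; the plugin also reads ~/.aws/config
# (or the file named by AWS_CONFIG_FILE), which keeps the secret out of this script
export AWS_ACCESS_KEY_ID="my key id"
export AWS_SECRET_ACCESS_KEY="my secret"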
 
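# generate apex and wildcard entries for each domain; building an array
# (instead of one unquoted string) stops the shell from glob-expanding "*.domain"
domainargs=()
for domain in "${domains[@]}"; do
  domainargs+=(-d "$domain" -d "*.${domain}")
done

# DNS validation does not use the web server; the stop/start restarts nginx
# so it loads the new certificate
systemctl stop nginx
certbot certonly --dns-route53 "${domainargs[@]}"
systemctl start nginx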
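
A post-issuance check for the script above, added here as an example and not part of the original notes: it confirms that the certificate's subjectAltName list contains both the apex and the wildcard name for each domain. The function names, the sample SAN text and the certificate path (certbot's default layout) are assumptions.

```shell
#!/bin/sh
# Added example: confirm a certificate lists the apex and wildcard name
# for every domain. POSIX sh; needs OpenSSL 1.1.1+ for `x509 -ext`.

# Constructed sample of `openssl x509 -noout -ext subjectAltName` output.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:*.quay.net, DNS:quay.net, DNS:unx.is'

# expected_names DOMAIN... : print apex and wildcard, one name per line
expected_names() {
  for d in "$@"; do
    printf '%s\n' "$d" "*.$d"
  done
}

# san_names : read SAN extension text on stdin, print lower-cased DNS names
san_names() {
  tr ',' '\n' |
    sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
    tr '[:upper:]' '[:lower:]'
}

# missing_names SAN_TEXT DOMAIN... : print expected names the cert lacks.
# grep -Fx compares whole lines literally, so "*" is not a pattern and
# "notquay.net" does not count as "quay.net".
missing_names() {
  have=$(printf '%s\n' "$1" | san_names)
  shift
  expected_names "$@" | while IFS= read -r name; do
    printf '%s\n' "$have" | grep -Fxq -e "$name" || printf '%s\n' "$name"
  done
}

# check_cert CERT_PEM DOMAIN... : 0 = covered, 1 = names missing, 2 = unreadable
check_cert() {
  cert=$1
  shift
  text=$(openssl x509 -in "$cert" -noout -ext subjectAltName) || return 2
  missing=$(missing_names "$text" "$@")
  [ -z "$missing" ] && return 0
  printf 'not covered by %s:\n%s\n' "$cert" "$missing" >&2
  return 1
}

# Usage: ./check-sans.sh /etc/letsencrypt/live/quay.net/cert.pem quay.net unx.is
if [ "$#" -ge 2 ]; then
  check_cert "$@"
fi
```

Run it after certbot and before nginx is started again, so a certificate that is missing a name is caught before it is served.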