Development on this application is not yet complete, and amarillo should not be used in a production environment at this time.
Amarillo is a Ruby application written to automate issuing Let's Encrypt certificates using dns-01 challenges through AWS Route 53.
Amarillo is distributed as a RubyGem and can be installed with:
gem install amarillo
amarillo requires the OpenSSL libraries, and you may need to supply the location of the OpenSSL headers when installing:
gem install amarillo -- --with-openssl-dir=/opt/homebrew/Cellarfirstname.lastname@example.org/1.1.1k
amarillo --zone ZONE --name COMMONNAME --email EMAIL
amarillo --zone iachieved.it --name zabbix.operations.iachieved.it --email email@example.com
It's always bothered me that there is an entire industry around making money issuing SSL certificates. Sure, I understand that OV and EV certificates verify that there's an actual organization behind the certificate and that they are legitimate. But DV (domain validation) certificates still cost money, and all that's validated is you control a domain or an e-mail address. Unless you're running a bank...
Enter Let's Encrypt...
Unfortunately there are many of us who want secure communications between services and websites inside a corporate or private network. Let's Encrypt's out-of-the-box certbot assumes that the website is on the public Internet.
amarillo you'll need to provide AWS credentials in an aws.env file located in /usr/local/etc/amarillo/. These credentials should be those of an AWS IAM user that only has programmatic access to Route 53 with the
The format of the aws.env file is:
[default]
aws_access_key_id=
aws_secret_access_key=
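Because aws.env holds a long-lived IAM secret key, it is worth checking the file before running the tool. The following is an added example, not part of amarillo: `parse_ini` and `audit_aws_env` are hypothetical helper names, and the owner-only (0600) permission expectation is an assumption of this example, since the page does not say what permissions amarillo expects.

```ruby
# Added example (not amarillo's own code): audit an aws.env credentials file
# in the format shown above. Helper names are hypothetical.
REQUIRED_KEYS = %w[aws_access_key_id aws_secret_access_key].freeze

# Parse INI-style text into { "section" => { "key" => "value" } }.
def parse_ini(text)
  sections = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')

    if (m = line.match(/\A\[(.+)\]\z/))
      current = sections[m[1].strip] ||= {}
    elsif current && (m = line.match(/\A([^=\s]+)\s*=\s*(.*)\z/))
      current[m[1]] = m[2].strip
    end
  end
  sections
end

# Return a list of findings; an empty list means the file passed every check.
def audit_aws_env(path)
  return ["#{path}: file not found"] unless File.file?(path)

  findings = []
  mode = File.stat(path).mode & 0o777
  # Assumption: the secret key should be readable by the owning user only.
  if (mode & 0o077) != 0
    findings << format('mode %04o lets group/other access the secret key; use 0600', mode)
  end

  default = parse_ini(File.read(path))['default']
  return findings << 'missing [default] section' if default.nil?

  REQUIRED_KEYS.each do |key|
    findings << "#{key} is missing or empty" if default[key].to_s.empty?
  end
  findings
end

# Optional command-line use: ruby audit_aws_env.rb /usr/local/etc/amarillo/aws.env
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  audit_aws_env(ARGV[0]).each { |finding| warn "#{ARGV[0]}: #{finding}" }
end
```

The unfilled template from the page produces two "missing or empty" findings, which makes this a quick pre-flight check that the placeholders were actually replaced.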
You'll also want to have:
- an E-mail address
- Server Name
amarillo wants to leave files in /etc/ssl/amarillo and will try to create this directory.
Let's Encrypt certificates expire 90 days after issuance.
On macOS, without
sudo gem install bundler
bundle install
Pronounced "ah-ma-ree-show" in honor of mis amigos uruguayos. 🇺🇾🇺🇸