[Wishlist] allow updating of CloudFront certificates too #41

Open
grischard opened this issue Apr 5, 2016 · 3 comments · May be fixed by #61
Comments

@grischard
No description provided.

@alex
Owner

alex commented Apr 5, 2016

From an API perspective, what's involved in updating a CloudFront cert? If
you can point me to the API, I think it'd be straightforward.

"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6

@grischard
Author

grischard commented Apr 6, 2016

Thank you! It looks like you need to update the ViewerCertificate part of the CloudFront distribution config:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributionconfig-viewercertificate.html

Maybe https://boto3.readthedocs.org/en/latest/reference/services/cloudfront.html#CloudFront.Client.get_distribution_config to get the config object, get the IamCertificateId to check for expiration, then update the object to set CloudFrontDefaultCertificate to false and IamCertificateId to the new one, then https://boto3.readthedocs.org/en/latest/reference/services/cloudfront.html#CloudFront.Client.update_distribution to set the new config.

The port is irrelevant for cloudfront, there's only one certificate per distribution.
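
The sequence described in the comment above, written out as an added example (it is not code from this thread or from letsencrypt-aws). The `cloudfront` and `iam` arguments are expected to be boto3 clients; boto3 spells the key `IAMCertificateId`. The 30-day renewal window, the `sni-only` default and the removal of fields that still name the old certificate are assumptions of this sketch.

```python
import copy
from datetime import datetime, timedelta, timezone


def iam_cert_expiry(iam, cert_id):
    """Return the expiry of an IAM server certificate, or None if unknown."""
    kwargs = {}
    while True:
        page = iam.list_server_certificates(**kwargs)
        for meta in page["ServerCertificateMetadataList"]:
            if meta["ServerCertificateId"] == cert_id:
                return meta["Expiration"]
        if not page.get("IsTruncated"):
            return None
        kwargs = {"Marker": page["Marker"]}  # follow pagination


def rotate_viewer_certificate(cloudfront, iam, dist_id, new_cert_id,
                              renew_before=timedelta(days=30), now=None):
    """Point a distribution at new_cert_id unless its current IAM
    certificate is still valid for longer than renew_before.
    Returns True when an update was sent."""
    now = now or datetime.now(timezone.utc)
    resp = cloudfront.get_distribution_config(Id=dist_id)
    config = copy.deepcopy(resp["DistributionConfig"])
    viewer = config.setdefault("ViewerCertificate", {})

    current = viewer.get("IAMCertificateId")
    if current == new_cert_id:
        return False  # already using the new certificate
    if current:
        expiry = iam_cert_expiry(iam, current)
        if expiry is not None and expiry - now > renew_before:
            return False  # current certificate is still fresh

    viewer["CloudFrontDefaultCertificate"] = False
    viewer["IAMCertificateId"] = new_cert_id
    # Assumption: default to SNI when the distribution had no custom cert.
    viewer.setdefault("SSLSupportMethod", "sni-only")
    # Assumption: drop fields that would still name the old certificate.
    for stale in ("ACMCertificateArn", "Certificate", "CertificateSource"):
        viewer.pop(stale, None)

    # IfMatch carries the ETag from the read, so the update is rejected
    # if someone else changed the distribution in between.
    cloudfront.update_distribution(
        Id=dist_id, IfMatch=resp["ETag"], DistributionConfig=config)
    return True
```
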

@alex
Owner

alex commented Apr 9, 2016

PR #44 covers this, but it needs a bunch of testing; I don't have a CF distribution set up to make sure this works.

kageurufu added a commit to kageurufu/letsencrypt-aws that referenced this issue May 11, 2016
Refactor Certificates into AWSCertificate sub-classes,
 allowing for the easy adding of new listener providers
 in the future. CloudFront and ElasticBeanstalk are both
 implemented this way. Fix alex#41

Also, add the --cert-only flag, fix alex#13

This PR supersedes alex#44 and partially alex#17
amw linked a pull request May 17, 2016 that will close this issue